Committee Hearings – Week of 7-23-27

This week, with both the House and Senate in session we start to see action on spending bills in the Senate while House spending bills start to move to the floor of the House. Additionally, there is two cybersecurity hearing scheduled this week one on insurance and the other a markup hearing.

Spending Bills (Senate Appropriations Committee)

7-25-17 (Subcommittee) FY2018 Transportation, Housing and Urban Development (THUD), & Related Agencies Appropriations Act;

7-26-17 (Subcommittee) FY2018 Commerce, Justice, Science (CJS) & Related Agencies Appropriations Act

7-27-17 (Full Committee) CJS, THUD, and Legislative Branch Appropriations Bills for FY2018

DOD Spending Bill

The House Rules Committee will hold a hearing to formulate the rule for HR 3219 tonight. What was the DOD FY 2018 spending bill is now the Make America Secure Appropriations Act, 2018; a mash-up of four spending bills {HR 3219 (DOD), HR 3162 (Legislative Branch), HR 2998 (Military Construction/VA), and HR 3266 (Energy and Water Development)}.

None of those bills currently have any provisions of specific interest here. The amendment process could certainly change that.

Proposed amendments are supposed to be submitted by later this morning. There were 28 amendments already submitted by 8:00 am EDT. There is only one cyber related amendment (cyber scholarship spending) currently on the list, but that will probably change.

The bill is currently scheduled to come to the floor later this week (Wednesday?).

Cybersecurity Insurance

On Wednesday the House Small Business Committee will be holding a hearing on “Protecting Small Businesses from Cyber Attacks: The Cybersecurity Insurance Option”. The witness list includes:

• Robert Luft, SureFire Innovations;
• Erica Davis, Zurich Insurance;
• Eric Cernak, Munich Re US;
• Daimon Geopfert, Security and Privacy ConsultingRisk Advisory Services

I will be very surprised if control system security issues are even mentioned in passing, but I am certainly open to surprises.

Cybersecurity Markup

The House Homeland Security Committee will be holding a mark-up hearing on Wednesday. Two of the bills may be of specific interest to readers of this blog. The first is HR 3202, Cyber Vulnerability Disclosure Reporting Act, the bill I reviewed yesterday. I certainly hope the Committee adds provisions requiring public posting of the unclassified report.

The second is a new (not yet introduced) bill by Chairman McCaul (R,TX) that would establish the Cybersecurity and Infrastructure Security Agency to replace the current National Protection and Programs Directorate. A committee print of the bill is available and a quick review of the provisions shows that it still relies on the IT-centric definition of ‘cybersecurity risk’ found in 6 USC 148(a). I would really like to see this bill change that definition to one based on the ‘information system’ definition found in 6 USC 1501(9). More on this bill later.

On the Floor of the House

In addition to HR 3219 mentioned above there are two other bills of potential interest currently on the schedule for consideration on the floor of the House. The first is HR 3180, the Intelligence Authorization Act for Fiscal Year 2018. While there are some cyber related provisions in the unclassified portion of the bill, none are of specific interest to readers of this blog. The bill will be considered today under the suspension of the rules, so no amendments will be possible.

The second is an as of yet unintroduced “Russia, Iran, and North Korea Sanctions Act”. It will be considered tomorrow, so it will be introduced today. A very quick review of the committee draft of bill does show mention of cybersecurity related sanctions. I’ll review those in more detail later. Interestingly, this bill is also being considered under the suspension of the rules provisions indicating that the leadership thinks this bill will receive substantial bipartisan support to meet the 2/3 majority vote required for passage.