Bills Introduced -10-12-17

Yesterday, with only the House in session and preparing to leave for a week working in their districts (fund raising, campaigning and constituent support), there were 49 bills introduced. Remembering that most bills introduced in these situations are proposed to provide talking-points back home (not serious attempts at legislating), there were six bills that may be of interest to readers of this blog:

HR 4036 To amend title 18, United States Code, to provide a defense to prosecution for fraud and related activity in connection with computers for persons defending against unauthorized intrusions into their computers, and for other purposes. Rep. Graves, Tom [R-GA-14]

HR 4038 To amend the Homeland Security Act of 2002 to reassert article I authorities over the Department of Homeland Security, and for other purposes. Rep. McCaul, Michael T. [R-TX-10]

HR 4050 To support research, development, and other activities to develop innovative vehicle technologies, and for other purposes. Rep. Dingell, Debbie [D-MI-12]

HR 4051 To direct the Secretary of Transportation to establish a bollard installation grant program, and for other purposes. Rep. Espaillat, Adriano [D-NY-13]

HR 4053 To amend the Fair Credit Reporting Act to require an independent audit of the cybersecurity practices of certain consumer reporting agencies, and for other purposes. Rep. Fortenberry, Jeff [R-NE-1]

HR 4064 To impose restrictions on the sale of binary explosives, and for other purposes. Rep. Soto, Darren [D-FL-9]

Any changes made to 18 USC 1030 are going to be of potential interest to the cybersecurity research community. This may be an attempt to carve out an exemption for ‘hacking back’. Definitions would be very important here.

It is unusual for a Republican (and a Committee Chair) to introduce a bill reasserting congressional oversight during a Republican administration. I suspect that this may be related to pending changes in the organization of National Protection and Programs Directorate (NPPD), including the move of ICS-CERT to NCCIC.

HR 4050 sounds like a research grant program for automated vehicles. It will be interesting to see if it specifically includes cybersecurity provisions.

Bollards are a common security measure to prevent vehicles from going where they are not wanted. I suspect that HR 4051 is a response to recent vehicle attacks on pedestrians, but definitions matter and this could be used by chemical facilities to fund bollards used to prevent access by vehicle borne explosives. Again, definitions will be critical.

I am certainly not going to expand this blog to include coverage of credit reporting agencies (Brian Krebs has that space covered really well), but the idea of ‘independent cybersecurity audits’, may prove to be an interesting way of regulating cybersecurity.

Congress has mixed success with establishing regulatory schemes for explosives. The ATF has a pretty robust program going, but attempts to get DHS involved in the control of the sale of ammonium nitrate are still stalled since the regulations were authorized in 2007. It will be interesting to see how HR 4064 addresses the situation for binary explosives.