Yesterday the House passed HR 2105, the NIST Small Business
Cybersecurity Act of 2017, by a voice
vote under the suspension of the rules process. The twenty-five minutes of debate
on this bill consisted solely of speakers supporting the measure. The bill
would require the National Institute of Standards and Technology (NIST) to
consider small businesses when it facilitates and supports the development of
voluntary, consensus-based, industry-led guidelines and procedures to
cost-effectively reduce cyber risks to critical infrastructure.

I have not covered this bill to this point because it is
entirely IT-centric. The bill requires that the NIST-provided resources “vary
with the nature and size of the implementing small business concern, and the
nature and sensitivity of the data collected or stored on the information
systems or devices of the implementing small business concern” {§3(c)(2)(B)}.

The bill is very similar to S 770
which passed in the Senate last month under the unanimous consent process. It
is not clear, at this point, whether or not the Senate will take up HR 2105 as
a separate measure or if the leadership will arrange for these two bills to be
considered as one and work out the differences in conference. In any case,
there is little chance that either bill will be modified to include industrial
control systems in the NIST support requirements.