Thursday, October 12, 2017

House Passes IT Cybersecurity Measure

Yesterday the House passed HR 2105, the NIST Small Business Cybersecurity Act of 2017, by a voice vote under the suspension of the rules process. The twenty-five minutes of debate on this bill consisted solely of speakers supporting the measure. The bill would require the National Institute of Standards and Technology (NIST) to consider small businesses when it facilitates and supports the development of voluntary, consensus-based, industry-led guidelines and procedures to cost-effectively reduce cyber risks to critical infrastructure.

I have not covered this bill to this point because it is entirely IT-centric. The bill requires that the NIST provided resources “vary with the nature and size of the implementing small business concern, and the nature and sensitivity of the data collected or stored on the information systems or devices of the implementing small business concern” {§3(c)(2)(B)}.

The bill is very similar to S 770 which passed in the Senate last month under the unanimous consent process. It is not clear, at this point, whether or not the Senate will take up HR 2105 as a separate measure or if the leadership will arrange for these two bills to be considered as one and work out the differences in conference. In any case, there is little chance that either bill will be modified to include industrial control systems in the NIST support requirements.

No comments:

/* Use this with templates/template-twocol.html */