Thursday, November 2, 2017

HR 4151 Introduced – STREET Act

Last week Rep. Comstock (R,VA) introduced HR 4151, the Smart Technology for Resilient, Efficient, Economic and Reliable Transportation in Cities and Communities (STREET) Act. The bill is designed to to promote smart technologies and systems to reduce transportation costs, traffic congestion, air pollution, energy use, and carbon emissions for communities of all sizes.

Definitions


Section 2 of the bill provides a number of lengthy definitions of the terms used in the bill. There are no specific cybersecurity definitions, but the terms ‘secure’ and ‘cybersecurity’ are used in the definition of ‘Smart System or Community’ in §2(7). It includes as a characteristic of a smart system or community the integration of measures “to enhance the resilience of civic systems against cybersecurity threats and physical and social vulnerabilities and breaches” {§2(7)(B)(v)(I)}.

Resource Guide


The Department of Energy (in coordination with the departments of Transportation, Housing and Urban Development, and the National Science Foundation) is required in §4 to publish on-line “a resource guide designed to assist States, communities, and cities in developing and implementing smart city or community programs” {§4(a)(1)}. The guide is permitted to include “voluntary, industry-led, international consensus standards and best practices, in collaboration with the National Institute of Standards and Technology, for safeguarding cybersecurity and appropriate data management and data privacy” {§4(b)(3)(C)}.

Grant Program


Section 5 of the bill would require DOT to establish another round to the Smart Cities Challenge “provide grants on a competitive basis to small- and medium-sized communities to implement smart transportation proposals” {§5(a)}. The grants would range between $20 million and $40 million and $100 million would be authorized for the grant program in each fiscal year between 2018 and 2022.

Moving Forward


Both Comstock and her cosponsor, Rep. Etsy (D,CT), are members of both the House Transportation and Infrastructure Committee and the Science, Space, and Technology Committee, the two committees  to which the bill was assigned for consideration. The bipartisan sponsorship increases the likelihood that the bill could be considered by the two committees.

The only portion of the bill that could raise significant opposition to its consideration is the inclusion of authorization for the grant program. As with any new money authorization, the money would have to come from some other program, probably within the Transportation Department.

Commentary


While there are no specific cybersecurity definitions within this bill (or references to existing cybersecurity definitions) there are numerous references to ‘information’ and ‘privacy’ and no references to control systems or vehicle operations. This would certainly lead one to conclude that this is an IT-centric bill if not actually limited to IT systems.

The bill should have included a definition of the term cybersecurity since the term is used in multiple places in the bill. Because of the rising importance of operations in smart technology the drafters would have been ill advised to use an IT-limited definition like that found in 6 USC 148.

In an earlier blog post I provided a definition of ‘cybersecurity risk’ after providing supporting definitions of ‘information system’ and ‘control system’. Using the same supporting definitions I would like to provide a legislative definition of ‘cybersecurity’:


The term cybersecurity means a set of actions, procedures or processes under taken to protect information systems or control systems from unauthorized access, use, disclosure, degradation, disruption, modification, or destruction of such information, information systems, or control systems, including such related consequences caused by an act of terrorism.

No comments:

 
/* Use this with templates/template-twocol.html */