Yesterday the House passed HR 5074, the DHS Cyber Incident Response Teams Act of 2018, by a voice vote.
The bill would authorize the establishment and use of “cyber hunt and incident
response teams” in the National Cybersecurity and Communications Integration
Center (NCCIC). No additional funding is provided in this bill.

As I mentioned yesterday, this bill has been officially referred
to as being considered “as amended” and no amendments were offered or approved
when the bill was considered by the House Homeland Security Committee. The
Congressional Record for yesterday (pg H 1661) makes the same statement. I have
reviewed the original bill, the reported version (published overnight) and the
version published in the Record and can find no differences between these three
versions. Maybe there will be some explanation when the Committee Report
(H Rept 115-607) is printed later this week.

It is difficult to predict whether or not this bill will be
taken up by the Senate. If it does make it to the Senate floor, I suspect that
it will be at the end of the day under the Senate’s ‘without objection’
procedures, meaning no debate and no vote.

If this bill does become law, it will have an interesting
potential consequence. With the use of the term ‘control systems’ in the new
paragraph (f)(1)(D) of 6 USC 148, we see an official opening of the NCCIC to
consideration of control system incidents, particularly since the term is used
with these incident response teams. The IT-limited definition of ‘information
systems’ in §148 has not specifically prohibited NCCIC from consideration of
ICS incidents, but it has not provided specific authorization either. I would
still prefer to see the definition of ‘information systems’ at §148(a)(5)
changed to an ICS-inclusive definition (as in §1501), but the provision
in this bill should make it reasonably clear that NCCIC should consider control
system incidents as part of its area of interest.