This week the Senate Energy and Natural Resources Committee
published their report on S
79, the Securing Energy Infrastructure Act. It was accompanied by the revised
language for the bill that was adopted
by that Committee earlier this year. The next step for the bill will be for its
consideration before the Senate.
I have already covered the changes in the bill so most of
this report is old news. The ‘Background and Need’ section of the report (pgs
3-4) is well worth reading as a succinct statement about the state of control
system security, at least as it is seen by Congress. The whole thing is worth
reading, but I would like to quote the last paragraph in full:
“As it has become increasingly
clear that industrial control systems are vulnerable to attack, it has also
become apparent that there is insufficient information available to the
Department of Energy, the National Laboratories, electric utilities,
manufacturers of grid-related equipment, and other interested entities about
the security vulnerabilities of these systems. Also lacking is a sufficient evaluation
of technology and standards to isolate and defend industrial control systems
from security vulnerabilities in the most critical systems. Finally, as
identifying cyber vulnerabilities and defending against them is a
responsibility shared by multiple government agencies and private sector
institutions including asset owners, further opportunities for working-level
collaboration by these entities are necessary.”
It will be interesting to see if/when this bill makes it to
the floor of the Senate. With the strong bipartisan support that it received in
Committee, I expect that it will be able to pass if it is considered. Again,
probably the strongest impediment to this bill passing is the $11.5 million
authorized to supports its requirements. That is federal-chump-change, but the
money has to come from somewhere and that can be contentious.
Posts
No comments:
Post a Comment