The Senate Homeland Security and Governmental Affairs
Committee published their
report on HR 2825,
the Department of Homeland Security (DHS) Authorization Act of 2017, as
amended by that Committee back in March. There is no new information of
consequence in this report, but its publication does effectively clear this
bill for consideration by the full Senate.
Interestingly this bill does also include authorization
language for the DHS Cybersecurity and Infrastructure Security Agency which was
earlier authorized by the passage
of HR 3359. There are some differences in the CISA authorization language
in the two bills. The language of this bill would supersede the language of HR
3359 if it is adopted.
CISA Authorization
The first major difference between the two bills is the
addition of the responsibility for the oversight of electromagnetic pulse (EMP)
and geomagnetic disturbance (GMD) protection and preparedness activities. This is
initially set forth in the new 6 USC 2202(c)(5) (pg 940). The requirement is
further outlined in the new 6 USC 2204 setting forth the duties of the Infrastructure
Security Division of CISA.
Section 2204(d)(6) requires annual reports to Congress on “the
threats and con5
sequences, as of the date of the information, of
electromagnetic events to the critical infrastructure of the United States”.
That report would include outlining DHS activities with respect to {new §2204(d)(6)(B), pg 958}:
• Risk assessments;
• Mitigation actions;
• Coordination with the Department
of Energy to identify critical electric infrastructure assets subject to EMP or
GMD risk; and
• Current and future plans for engagement with the
Department of Energy, the Department of Defense, the National Oceanic and
Atmospheric Administration, and other relevant Federal departments and
agencies;
The report to Congress would also address present and future
collaborative efforts the Department has (or plans to have) with critical
infrastructure owners and operators as well as {new §2204(d)(6), pg 958}:
• An identification of internal
roles to address electromagnetic risks to critical infrastructure; and
• Plans for implementation and protecting
and preparing United States critical infrastructure against electromagnetic
threats.
The final major difference between the two bills with
respect to CISA authorization is the way they handle the movement of Federal
Protective Service within DHS. HR 3359 allowed the Secretary to either move FPS
into CISA or some other organization within DHS and then report to Congress on
that move. HR 2825 instead requires the Secretary to make a determination on
the best place to move FPS and then seek Congressional approval for that move.
There are a couple of relatively minor wording changes in
the language of the two bills. One is rather odd. In the new §2202(i), the savings
clause that affirms that the revision in both bills has no effect on any existing
authorities the following final phrase found in HR 3359 is absent in HR 2825:
“including the authority provided
to the Sector-Specific Agency specified in section 61003(c) of division F of
the Fixing America’s Surface Transportation Act (6 U.S.C. 121 note; Public Law
114–94).”
Moving Forward
As I mentioned earlier this report now clears the bill for
potential consideration by the whole Senate. The bipartisan support seen in
Committee should mean that the bill would pass the Senate. The problem here,
this late in the session is that it will be difficult to bring up the bill in
normal order with debate and further amendments. Practically speaking this means
that this bill would have to be passed under the unanimous consent process
which could be stopped by the opposition of a single senator to even relatively
minor provisions in the bill. I suspect that this report is the last we will
see of this bill in the 115th Congress.
Posts
No comments:
Post a Comment