Monday, November 26, 2018

HR 2825 Reported in Senate – FY2018 DHS Authorization

The Senate Homeland Security and Governmental Affairs Committee published their report on HR 2825, the Department of Homeland Security (DHS) Authorization Act of 2017, as amended by that Committee back in March. There is no new information of consequence in this report, but its publication does effectively clear this bill for consideration by the full Senate.

Interestingly this bill does also include authorization language for the DHS Cybersecurity and Infrastructure Security Agency which was earlier authorized by the passage of HR 3359. There are some differences in the CISA authorization language in the two bills. The language of this bill would supersede the language of HR 3359 if it is adopted.

CISA Authorization

The first major difference between the two bills is the addition of the responsibility for the oversight of electromagnetic pulse (EMP) and geomagnetic disturbance (GMD) protection and preparedness activities. This is initially set forth in the new 6 USC 2202(c)(5) (pg 940). The requirement is further outlined in the new 6 USC 2204 setting forth the duties of the Infrastructure Security Division of CISA.

Section 2204(d)(6) requires annual reports to Congress on “the threats and con5
sequences, as of the date of the information, of electromagnetic events to the critical infrastructure of the United States”. That report would include outlining DHS activities with respect to {new §2204(d)(6)(B), pg 958}:

• Risk assessments;
• Mitigation actions;
• Coordination with the Department of Energy to identify critical electric infrastructure assets subject to EMP or GMD risk; and
Current and future plans for engagement with the Department of Energy, the Department of Defense, the National Oceanic and Atmospheric Administration, and other relevant Federal departments and agencies;

The report to Congress would also address present and future collaborative efforts the Department has (or plans to have) with critical infrastructure owners and operators as well as {new §2204(d)(6), pg 958}:

• An identification of internal roles to address electromagnetic risks to critical infrastructure; and
• Plans for implementation and protecting and preparing United States critical infrastructure against electromagnetic threats.

The final major difference between the two bills with respect to CISA authorization is the way they handle the movement of Federal Protective Service within DHS. HR 3359 allowed the Secretary to either move FPS into CISA or some other organization within DHS and then report to Congress on that move. HR 2825 instead requires the Secretary to make a determination on the best place to move FPS and then seek Congressional approval for that move.

There are a couple of relatively minor wording changes in the language of the two bills. One is rather odd. In the new §2202(i), the savings clause that affirms that the revision in both bills has no effect on any existing authorities the following final phrase found in HR 3359 is absent in HR 2825:

“including the authority provided to the Sector-Specific Agency specified in section 61003(c) of division F of the Fixing America’s Surface Transportation Act (6 U.S.C. 121 note; Public Law 114–94).”

Moving Forward

As I mentioned earlier this report now clears the bill for potential consideration by the whole Senate. The bipartisan support seen in Committee should mean that the bill would pass the Senate. The problem here, this late in the session is that it will be difficult to bring up the bill in normal order with debate and further amendments. Practically speaking this means that this bill would have to be passed under the unanimous consent process which could be stopped by the opposition of a single senator to even relatively minor provisions in the bill. I suspect that this report is the last we will see of this bill in the 115th Congress.

No comments:

/* Use this with templates/template-twocol.html */