Earlier this month Sen. Shaheen (D,NH) introduced S 715, the
Smart Manufacturing Leadership Act. The bill would require the Secretary of
Energy to develop a smart manufacturing plan and to provide assistance to
small- and medium-sized manufacturers in implementing smart manufacturing
programs. The bill is nearly identical to S
768 that was introduced in the 115th Congress. The earlier bill
saw no action beyond its introduction.
Differences
The only differences between the two bills is that the staff
added two sub-paragraphs to §4(b)
of the bill. That paragraph outlined the actions that Federal agencies would
take in support of the smart manufacturing plan required by this bill. The two
new actions included in §4(b)(2)
are:
• Actions to increase cybersecurity
in smart manufacturing infrastructure;
• Deployment of existing research results; and
Moving Forward
While Shaheen is not a member of the Senate Energy and
Natural Resources Committee to which this bill was assigned for consideration,
Sen. Alexander (R,TN) is. Adding Alexander as a cosponsor may see this bill
considered by the Committee this session. No regulatory requirements are being
added by this bill so there are unlikely to be any philosophical objections to
the bill.
The major impediment to passage of this bill is the
inclusion of a $10 million authorization for the grant program included in §7. That is small change
in the Federal budget, but the money will have to come from somewhere. Shaheen
avoided this spending problem in the other portions of her bill by requiring
the money for the planning process to come out of Department unobligated funds;
this left the spending allocation problem in the hands of DOE not Congress.
That would have been difficult to do with a new grant program.
Commentary
It is interesting to see that one of the new sub-paragraph
additions to this bill was similar in intent to a recommendation I made on S
768; readers would be unsurprised to realize that the language was dealing with
cybersecurity. Unfortunately, the major cybersecurity suggestion I had for the
bill was not adopted in the new version of the bill. I still think that the
existing provisions are inadequate, so I would like to re-suggest the following
addition be made to the definitions in §3:
§3(10):
“VOLUNTARY CYBERSECURITY STANDARDS AND PROTOCOLS -The term “voluntary
cybersecurity standards and protocols” means a standard and/or protocol
developed by the National Institute of Standards and Technology (NIST) or
recognized independent standards setting organizations that an electronic
equipment manufacturer, system integrator or system owner may voluntarily apply
in the manufacture, integration or operation of an industrial control system,
energy management system or information and communication technology system,
that would protect such systems from a cyber threat as that term is defined in
6 USC 1501.”
This definition would then be used in new wording for the
added §4(b)(2)(D):
“encourage
to the development, promulgation and implementation of voluntary cybersecurity
standards and protocols in smart manufacturing operations; and”
As I noted in my post on S 768 this simple, generic language
could add a significant measure of cybersecurity support to this bill without
drawing any significant opposition from manufacturers fearing new government
regulations.
Posts
No comments:
Post a Comment