HR 2044 Introduced – Smart Buildings

Last month Rep. Welch (D,VT) introduced HR 2044, the Smart Building Acceleration Act. The bill would require the Secretary of Energy to establish a Federal Smart Building Program that would implement smart building technology and demonstrate the costs and benefits of smart buildings. The bill is very similar to HR 5069 and S 2447 that were introduced in the 115^th Congress; no action was taken on either bill. Welch also proposed an amendment to HR 8 in the 115^th Congress that was similar to this bill; it was not considered.

Differences in the New Bill

There were two additions made to this bill (as compared to S 2447). First, a definition was added for the new term ‘internet of things technology solution’ {§3(6)}. Then that new term was used in a new subparagraph (K) in the description of the proposed research program in §6(b)(2):

(K) integration of internet of things technology solutions, including measures to increase water and energy efficiency, improve water quality, support real-time utility management, and enable actionable analytics and predictive maintenance to improve building systems long term viability; and

Moving Forward

Welch is a member {as is his single cosponsor, Rep. Kinzinger (R,IL)} of the House Energy and Commerce Committee, one of the three Committees to which this bill is assigned for consideration. With the new Democratic leadership in the House, I think that it is more likely that this bill will be considered in that Committee this session.

As with the earlier bills, I do not see anything in the language of this bill that would cause any serious opposition especially since there are no regulations proposed nor specific spending authorized. If the bill is considered, I suspect that there will be substantial bipartisan support. The biggest impediment to this bill getting to the floor of the House (most likely under the suspension of the rules process) is the intra-committee infighting over jurisdiction with the bill being referred to three committees. The Energy and Commerce Committee is the only one likely to hold hearings, but it will take some horse-trading with the other two committee chairs to bring the bill to the floor of the House. I am not sure that the Chairman Pallone has enough interest in this bill to call in the necessary favors from the other two chairs.

Commentary

This bill includes the same vague cybersecurity language as did the earlier versions. As I said in my earlier post on S 2447, the research provision in §6(b)(2)(E) is likely to be the most important. Having said that, I would like to propose a few changes that would address the cybersecurity challenges that I identified in that earlier blog post.

First, I would add a definition of ‘cybersecurity’ to §3:

(7) Cybersecurity – The term ‘cybersecurity’ means a set of actions, policies and procedures established to reduce the cybersecurity risk (as defined in 6 USC 1501) to building information technology and control systems supporting the smart building processes and specifically including the internet of things technology solutions being implemented.

Next, I would propose an addition to the initial requirement to establish the ‘Federal Smart Building Program’ by adding an information sharing provision to §4(a):

(3) to provide agencies a method of sharing information about smart building technology.

Then, I would add language to the ‘leveraging existing program’ requirements of §6 by adding a new paragraph specifically addressing cybersecurity information sharing:

(b) In coordination with the Director of the DHS Cybersecurity and Infrastructure Security Agency, establish a mechanism for sharing information with owners/managers of facilities identified as being part of the Smart Building Program about the cybersecurity risks to building information technology and control systems, specifically including newly identified vulnerabilities in the components of those systems;

These changes would help to better address the cybersecurity concerns about smart building technology without adding overly specific (and subject to rapid change) cybersecurity requirements.