S 3928 Introduced – Continuity of the Economy

Last month Sen Peters (D,MI) introduced S 3928, the Continuity of the Economy Act of 2020. The bill would require to President to “develop and maintain a plan to maintain and restore the economy of the United States in response to a significant event” {§2(b)}.

Definitions

Section 2(a) provides the definitions of key terms used in the bill. Those terms include:

• Agency,

• Economic sector,

• Relevant actor,

• Significant event, and

• State

The only two term of unique interest in this bill are the terms ‘relevant actor’ and ‘significant event’.

The first term is a broadly defined term meaning the Federal Government, a State, local, or Tribal government, or the private sector{§2(a)(3)}. The second term, ‘significant event’ is defined as “an event that causes severe degradation to economic activity in the United States due to a cyber attack; or another significant event that is natural or human-caused” {§2(a)(4)}.

The Plan

The plan in this bill would be consistent with a free market economy and the rule of law, as well as respect private property rights. The plan would include requirements to {§2(b)(3)}:

• Examine the distribution of goods and services across the United States necessary for the reliable functioning of the United States during a significant event,

• Identify the economic functions of relevant actors, the disruption, corruption, or dysfunction of which would have a debilitating effect in the United States on security, economic security, defense readiness, or public health or safety,

• Identify the critical distribution mechanisms for each economic sector that should be prioritized for operation during a significant event,

• Identify economic functions of relevant actors, the disruption, corruption, or dysfunction of which would cause catastrophic economic loss, the loss of public confidence, or the widespread imperilment of human life,

• Identify the economic functions of relevant actors that are so vital to the economy of the United States that the disruption, corruption, or dysfunction of those economic functions would undermine response, recovery, or mobilization efforts during a significant event.

The plan would also address two specific cyber operations related sets of action:

• Identify {§2(b)(3)(G)} industrial control networks on which the interests of national security outweigh the benefits of dependence on internet connectivity, including networks that are required to maintain defense readiness, and

• Identify {§2(b)(3)(H)} critical economic sectors for which the preservation of data in a protected, verified, and uncorrupted status would be required for the quick recovery of the economy of the United States in the face of a significant disruption following a significant event

For each the industrial control systems identified above the plan would also have to identify {§2(b)(3)(G)(ii)} the most feasible and optimal locations for the installation of parallel services, stand-alone analog services, and services that are otherwise hardened against failure;

The plan would be required to be submitted to Congress within two years of the enactment of this bill. The plan would be required to be updated every three years thereafter.

Moving Forward

Peters is not a member of the Banking, Housing and Urban Affairs Committee to which this bill was assigned for consideration. This would normally be expected to hinder consideration of that bill within Committee, thus effectively killing the bill.

Peters instead submitted the language from this bill as SA 2275 [pg S 3719], an amendment to S 4049, the FY 2020 NDAA. That amendment was adopted as part of the en bloc amendment consideration last week. The Senate will continue consideration of that bill when they return on July 20^th. The NDAA language that will eventually be adopted by the Senate will most probably contain the provisions from this bill and it will probably remain in the version of the bill that makes it out of conference once the House adopts its own bill.

Commentary

It is obvious that Peters was inspired by the fiasco of a response to COVID-19 to craft this bill. The fact that he could see beyond the immediate pandemic to other potential economic catastrophes is probably more of a tribute to his staff. I do find it somewhat amusing, however, that a pandemic is not specifically included in the definition of ‘significant event’ along with ‘cyber attack’ instead of lumping it in within the self-referential “another significant event that is natural or human-caused”.

The problem is, of course, that an effective pandemic response, as the President and his staff have surely discovered, is fraught with all sorts of problems related to national authority, States rights and individual civil liberties. That combined with the fact that an effective response is going to have clearly identifiable economic consequences for which the person in charge is going to have to pay a steep political price means that politicians are ill-suited to the task for preparing in advance for things like COVID-19.

Thus, Peters’ relying on a ‘cyber attack’ as the principle cause of the economic catastrophe requiring this plan. The word ‘attack’ congers up a physical adversary that triggers the national defense prerogatives of the Federal government. That national defense tie expands the President’s authority to act in ways that would never be acceptable in a response to a mere disease. It also explains why this bill was able to be added to the NDAA without debate.

Unfortunately, with our distributed and independent manufacturing and distribution base, there is only one ‘cyberattack’ target that could ‘reasonably’ be expected to cause the same widespread disruption to our economy as envisioned in this bill, a large-scale attack on the electric grid that prevents multi-state electrical distribution for extended (months) periods of time. That ‘event’ is much more practically addressed in preventive activities at DOE.

Two other potential attack modes deserve to be specifically addressed in a bill such as this; an electromagnetic pulse (EMP) attack and a more direct limited-nuclear attack (forget planning for a large scale nuclear attack, it could not survive the first detonation). Both modes of attack are just as reasonable as a major cyberattack on the electric grid. All three of them require subtly different planning and response activities and should be addressed differently in the planning process.

And that is the major draw back of this bill. It fails to recognize that there is no one-size-fits-all response plan for all large-scale economic catastrophes. No can we, nor should we, try to plan for all potential nationwide emergency events at the same time, it is not practical. We need to identify the most likely large economic disasters and start planning for them one at a time; the full planning resources of the Federal government focused on one at a time. Then, in turn, the States and local governments should be brought into the planning process to develop their co-implementations of the response plans.

That has been one of the major problems (and it is becoming more obvious every day) of the COVID-19 response. Not only has there not been a plan at the Federal level, but State and local governments are each trying to react on their own without a plan and inevitably have been butting heads with each other and the Federal government to the great detriment of the populous.

This bill (and it similar implementation in the NDAA) needs to be withdrawn and a more honest attempt at addressing the real problems needs to be attempted. If this is about pandemic response planning (and in my opinion it should be) then a detailed debate about the role of the Federal, State and local governments in that response needs to be under taken; clear authorities and responsibilities need to be defined; and a coordinated efforts needs to be addressed. This bill completely disregards those issues for obviously political reasons.