S 4024 Introduced – Cybersecurity Advisory Committee

Last month Sen Perdue (R,GA) introduced S 4024, the Cybersecurity Advisory Committee Authorization Act of 2020. The bill would require the DHS Cybersecurity and Infrastructure Security Agency (CISA) to establish a Cybersecurity Advisory Committee to advise, consult with, report to, and make recommendations to the Director on the development, refinement, and implementation of policies, programs, planning, and training pertaining to the cybersecurity mission of the Agency.

The Committee would consist of not more than 35 people from a cross-section industries and State and local governments. The Committee would meet at least twice a year and one meeting per year would be required to be open to the public. Committee members would not be compensated. There are no funds appropriated in this bill.

The Committee would not be subject to the requirements of the Federal Advisory Committee Act (FACA, 5 USC APP).

Moving Forward

Perdue is not a member of the Senate Homeland Security and Governmental Affairs Committee to which this bill was assigned for consideration. His cosponsor {Sen Sinema (D,AZ)}, however, is a member. This means that there is a chance that the bill may be considered in Committee. Unfortunately, in this COVID-19 restricted election year, the chance of this bill being considered is low.

I see nothing in the language of the bill that would engender any significant opposition to the bill.

Similar language to this bill was included as §6614 in the Substitute Language (SA 2301, pg S3944) for S 4049, the FY 2020 National Defense Authorization Act.

Commentary

This type of advisory committee has been very useful in providing a wide range of expertise and experience to the government for little or no expense. The DOT, for example, has found this type of committee very helpful in crafting regulatory language.

The FACA exception is necessary because it is expected that this Committee will handle classified and sensitive but unclassified information. FACA has no provisions for exempting such information from the open records requirements of the act.