Wednesday, September 30, 2020

House Passes 3 DOE Cybersecurity Bills – 9-29-20

Yesterday the House considered three Department of Energy cybersecurity related bills under the suspension of the rules process. All three bills passed by voice vote.

The three bills were:

HR 359, the Enhancing Grid Security through Public-Private Partnerships Act,

HR 360, the Cyber Sense Act of 2019, and

HR 362, the Energy Emergency Leadership Act

I have not covered HR 362 here in this blog. It would amend 42 USC 7133(a); specifically adding ‘cybersecurity’ as one of the functions which would be assigned to one of more of the eight Assistant Secretaries in the Department.

Moving Forward

These three bills now move to the Senate for possible consideration. None of the bills is important enough in the grand scheme of things to be considered on the floor of the Senate under normal order (debate, amendment and multiple votes), especially this late in a COVID-19, election-year limited session. The only hope that these bills have for action in the Senate would be consideration under the unanimous consent process. The voice votes yesterday would seem to indicate that that could be possible.

Unfortunately, unanimous consent motions can be stopped by the objection of a single Senator. That objection would not necessarily have anything to do with the provisions of the bill but could be used as a lever for one or more Senators to have their way on some other legislative priority. I will be pleasantly surprised if any of these bills are considered in the Senate


Of the three bills, only HR 360 has the potential of accomplishing anything in the cybersecurity realm. The other two bills are Congressional ‘we did something’ bills that essentially reaffirm actions already taken by DOE.

But even HR 360 will be of limited effect since it is a voluntary program for vendors and utilities. The only real mandate is the prohibition on information sharing by DOE about vulnerabilities discovered during testing. Since vendors could still continue to sell the vulnerable devices (especially outside of the utility market), this could actually increase the risks for end users, even within the ‘protected’ electric sector.

Of course, the biggest drawback to HR 360 is that the lack of funding for the proposed Cyber Sense program.

No comments:

/* Use this with templates/template-twocol.html */