HR 1850 Introduced - Supporting Research and Development for First Responders Act

Last week Rep Rice (D,NY) introduced HR 1850 (GPO version not available, link to Committee Print), the Supporting Research and Development for First Responders Act. The bill would authorize DHS S&T to establish the current National Urban Security Technology Laboratory (NUSTL) “to test and evaluate emerging technologies and conduct research and development to assist emergency response providers in preparing for, and protecting against, threats of terrorism” { new §322(a)}.

NUSTL

This bill amends the Homeland Security Act of 2002 by adding a new section 322 to Title III of the Act. It provides for the establishment of the NUSTL and mandates that the laboratory will {new §322(b)(2)}:

• Conduct tests, evaluations, and assessments of current and emerging technologies, including, as appropriate, the cybersecurity of such technologies that can connect to the internet, for emergency response providers,

• Act as a technical advisor to emergency response providers, and

• Carry out other such activities as the Secretary determines appropriate.

Moving Forward

The House Homeland Security Committee is taking up this bill today. I expect that it will receive substantial bipartisan support. It will move to the floor of the House, where it will be considered under the suspension of the rules process. That will limit debate, prevent amendments from the floor, and require a supermajority for passage. The bill will pass in the House with substantial bipartisan support.

Commentary

This bill is a housekeeping measure. The NUSTL already exits and has been funded for sometime. The housekeeping nature is further evidenced by the fact that there is no authorization (MONEY) language in the bill, it is already a line-item in the S&T budget.

But, housekeeping also means straightening up things, and there is one item that should be addressed in the bill. Since the language specifically addresses cybersecurity research, I think that it is only proper that it should specifically include language establishing a cybersecurity information sharing requirement. So I would like to propose two subparagraphs being inserted in the §322(c):

“(3) act as a clearing house for first responder information on cybersecurity issues related to discovered and reported vulnerabilities and indicators of compromise on technologies used by first responders that can connect to the internet,

“(4) coordinate vulnerability reporting with vendors and developers for vulnerabilities identified by research at the Lab and by those vulnerabilities reported to the Lab by independent cybersecurity researchers,”