Tuesday, May 18, 2021

Update on Cybersecurity Markup – 5-18-21

The House Homeland Security web site now has complete listings for the seven bills that it will be marking up this afternoon. Four of the bills are cybersecurity bills and a fifth deals with critical infrastructure. I have not yet had a chance to publish detailed reviews of each of these bills, so I am going to do a quick review of those that I have not reviewed.

The five bills of interest are:

HR 2980, the “Cybersecurity Vulnerability Remediation Act”

• HR 3138, the “State and Local Cybersecurity Improvement Act”

• HR 3223, the “CISA Cyber Exercise Act”

• HR 3243, the “Pipeline Security Act”

• HR 3264, the “Domains Critical to Homeland Security Act”

HR 3138

This bill is similar to HR 5823 from last session. It would establish a grant program, the State and Local Cybersecurity Grant Program, with $500 million being authorized each year for the program through 2026. Each grant applicant would have to submit a cybersecurity plan to DHS for approval. Each applicant would also have to establish a cybersecurity planning committee. Multi-state grants would be authorized.

CISA would be required to establish a State and Local Cybersecurity Resiliency Committee. CISA would also be required to prepare and maintain a resource guide to help officials identify, prepare for, detect, protect against, respond to, and recover from cybersecurity risks, cybersecurity threats, and incidents.

Definition of ‘information system’ in this bill uses the ICS inclusive definition from 6 USC 1501.

HR 3223

This bill would amend the Homeland Security Act or 2002 by adding a new section 2220A, National Cyber Exercise Program. It would require CISA to establish a National Cyber Exercise Program  to evaluate the National Cyber Incident Response Plan. No additional funding authorization is provided. CISA is already conducting similar cybersecurity exercises.

HR 3243

This bill (Committee Print) would amend 49 USC 114, Transportation Security Administration, mandating that TSA continue being responsible for securing pipeline transportation and pipeline facilities against cybersecurity threats {new §114(f)(16)}.

It would also add a new section 1631, Pipeline Security Section, to a new Subtitle D, Pipeline Security, to the Homeland Security Act of 2002. It would require TSA to establish a pipeline security section to implement the responsibilities of §114(F)(16) {§1631(a)}. The new section would include personnel with cybersecurity expertise {§1631(c)}.

HR 3264

This bill (Committee Print) would add a new section 890B, Homeland Security Critical Domain Re6 Search And Development, to the Homeland Security Act of 2002. It defines two new terms {§890B(c)}: ‘United States critical domains for economic security’ (NOT related to  the cyber term ‘domains’) and ‘economic security’. Section 890B(a) would authorize research and development to identify and evaluate United States critical domains for economic security and homeland security. The bill authorizes $1 million for this program.

No comments:

/* Use this with templates/template-twocol.html */