Thursday, June 17, 2021

Review - S 1260 and Cybersecurity

With the recent publication of the engrossed version (passed in the Senate) of S 1260, the United States Innovation and Competition Act of 2021, I have now had a chance to go back and look at the cybersecurity related provisions that were included in the massive, 2375 pages, bill. In addition to the new sections added in the substitute language that I briefly mentioned earlier, there were a number of provisions added in passing that are worthy of mention.

Protecting research from cyber theft

Section 2305 amends 15 USC 272(e)(1)(A) by adding ‘institutions of higher education’ to the list of considerations NIST has to address in developing consensus-based cybersecurity standards. Additionally, §2305(b) requires NIST to “disseminate and make publicly available resources to help research institutions and institutions of higher education identify, protect the institution involved from, detect, respond to, and recover to manage the cybersecurity risk of the institution involved related to conducting research.”

NASA Cybersecurity

Section 2676 (pg 690) would amend 51 USC 20301 by adding a requirement for the NASA Administrator to “up-date and improve the cybersecurity of NASA space assets and supporting infrastructure” {new §20301(c)}. NASA would also be required to establish a Cyber Security Operations Center. Finally, it would authorize NASA to “implement a cyber threat hunt capability to proactively search NASA information systems for advanced cyber threats that otherwise evade existing security tools” {§2676(c)(1)}.

Cyber Response and Recovery

Section 4252 (pg 1238) is the Cyber Response and Recovery Act. It is essentially the language of S 1316, which I have previously described in detail.

Federal Rotational Cyber Workforce Program

Division D of the bill includes Title II, Cyber and Artificial Intelligence. Subtitle B (pg 1257) of that Title is the Federal Rotational Cyber Workforce Program Act of 2021. It is essentially the language of S 1097 which the Senate Homeland Security and Governmental Affairs Committee ordered reported favorably last month.

Commentary

Almost all of the cybersecurity provisions in this bill are limited to information technology because of the language or definitions involved. It is not clear that that was the intention of the crafters of this bill, but it is certainly the effect.

For a more detailed look at the cyber provisions of S 1260, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/s-1260-and-cybersecurity (subscription required).

No comments:

 
/* Use this with templates/template-twocol.html */