This week with both the House and Senate meeting in
Washington, there will be a full slate of committee hearings. Hearings of
interest include the markup of the Senate version of the FY 2022 National
Defense Authorization Act, three cybersecurity hearings and the start of the
consideration process for FY 2022 spending bills. And we will have an
interesting slate of cybersecurity legislation being considered on the floor of
the House.
NDAA Markup in Senate
The Senate Armed Services Committee will be marking up their
version of the FY 2022 NDAA. Each subcommittee will
be meeting to markup their portions of the NDAA on Monday and Tuesday. Then
the full
Committee will meet Wednesday and probably Thursday to complete the markup
process. The subcommittee markups of interest here include:
• Monday - Subcommittee on
Cybersecurity. CLOSED
• Tuesday - Subcommittee on
Emerging Threats and Capabilities. CLOSED.
Cybersecurity Hearings
On Tuesday the House Small Business Committee will be holding
a hearing on “Strengthening the Cybersecurity Posture of America’s Small
Business Community”. This hearing is unlikely to specifically address control
system security issues. The witness list will include:
• Tasha Cornish, Cybersecurity Association of Maryland,
Inc.,
• Sharon Nichols, Mississippi Small Business Development
Center,
• Kiersten Todt, Cyber Readiness Institute,
• Graham Dufault, The App Association,
On Tuesday the Subcommittee on Oversight and Investigations
of the House Committee on Energy and Commerce will be holding
a hearing on "Stopping Digital Thieves: The Growing Threat of
Ransomware". This hearing is very likely to specifically address control
system security issues and could get fairly technical. The witness list
includes:
• Kemba Walden, Microsoft Corporation,
• Robert M. Lee, Dragos,
• Christian Dameff, M.D., M.S., Medical Director of Cybersecurity,
UC San Diego Health,
• Charles Carmakal, FireEye-Mandiant
• Philip Reiner, Institute for Security and Technology
On Wednesday, the Senate Environment and Public Works
Committee will be holding
a hearing on “Addressing Cybersecurity Vulnerabilities Facing Our Nation’s
Physical Infrastructure”. While the witness list is not yet available, there is
a decent chance that there will be some discussion about control system
cybersecurity issues. I would not be surprised to see witnesses from the water
treatment sector.
Spending Bills
The House Rules Committee has
announced that they are accepting amendments for the first spending bill
for FY 2022. The House will be considering a minibus (multiple spending bills under
one bill number), probably next week. The amendment deadline is Wednesday
evening and the Committee is likely to hold their rulemaking hearing next
Monday.
The slate for the first minibus is set to include:
Division A (Labor, Health and Human Services, Education),
Division B (HR 4356 – Agriculture, Rural Development),
Division C (Energy and Water Development),
Division D (HR 4345 – Financial Services and General Government),.
Division E (HR
4372 – Interior, Environment),
Division F (HR 4355 – Military Construction, Veterans
Affairs),
Division G (Transportation, Housing, and Urban Development),
I do not typically review the FSG, or MCV spending bills,
and the ARD bill contained nothing that I cover in this blog. The LHHS and THUD
bills will probably be introduced today.
On the Floor
The House will be spreading their 27 bills considered under
suspension of the rules over two days this week. The list includes seven
cybersecurity bills:
• Monday
◦ HR 2931 – Enhancing Grid Security through
Public-Private Partnerships Act,
◦ HR
2928 – Cyber Sense Act of 2021
• Tuesday
◦ HR
1871 – Transportation Security Transparency Improvement Act,
◦ HR 3138
– State and Local Cybersecurity Improvement Act, as amended,
◦ HR
1833 – DHS Industrial Control Systems Capabilities Enhancement Act of 2021,
as amended,
◦ HR 2980 –
Cybersecurity Vulnerability Remediation Act, as amended,
◦ HR
3223 – CISA Cyber Exercise Act
Republicans have been forcing recorded votes on the suspension
bills. Democrats have responded by voting on some and including the remainder
in the vote on the language of the rule for consideration of bills under
regular order. This may make reporting passage of these bills somewhat piece
meal.