Bills Introduced – 7-21-21

Yesterday, with both the House and Senate in session, there were 60 bills introduced. Four of those bills may receive additional coverage in this blog:

HR 4597 To amend the Federal Water Pollution Control Act to make certain projects and activities eligible for financial assistance under a State water pollution control revolving fund, and for other purposes. Rep. Garamendi, John [D-CA-3]

HR 4609 To reauthorize the National Institute of Standards and Technology, and for other purposes. Rep. Stevens, Haley M. [D-MI-11]

HR 4611 To direct the Secretary of Homeland Security to issue guidance with respect to certain information and communications technology or services contracts, and for other purposes. Rep. Torres, Ritchie [D-NY-15]

S 2407 A bill to ensure timely Federal Government awareness of cyber intrusions that pose a threat to national security, enable the development of a common operating picture of national-level cyber threats, and to make appropriate, actionable cyber threat information available to the relevant government and private sector entities, as well as the public, and for other purposes. Sen. Warner, Mark [D-VA] 

I will be watching HR 4597 and HR 4611 for language and definitions that would include industrial control systems within the coverage of the bill.

I will be covering HR 4609 as NIST has become an important cybersecurity standards setting organization for the US Government.

S 2407 is the long awaited and much publicized Senate Intelligence Committee bill on reporting of cyber incidents. It has an impressive list of cosponsors. See Warner’s press release of the bill here. A draft version of the bill (GPO version will be out sometime) has been provided by Warner’s office. After a quick scan I see one thing of importance (certainly there will be more as I look at it in more depth), the bill kicks down to CISA the responsibility for defining what ‘critical infrastructure’ organizations will be required to report cyber breaches. This could become the de facto list of what constitutes critical infrastructure.