Monday, August 30, 2021

Committee Hearings – Week of 8-30-21

This week with the House (technically) and Senate still in their summer recess (the House is in a ‘Committee Hearing Week’) there are three hearings being held in the House. One of those hearings is a markup of HR 4350, the FY 2022 NDAA, and the other is a hearing on cybersecurity incident reporting. More hearings could be announced later this week.

HR 4350 Markup

Before the Summer Recess began the subcommittees of the House Armed Services Committee had all completed their markups of HR 4350. On Wednesday, the full Committee will meet to meld those markups into a complete bill ready for reporting to the Full House.

A copy of the markup from the Subcommittee on Cyber, Innovative Technologies, and Information Systems is available. There is only one cybersecurity provision of note in that markup: SEC. 1511 – Legacy Information Technologies and Systems Accountability. While ‘legacy systems’ are a common issue in control system operations the Subcommittee has an unconventional definition of ‘legacy systems’. It is operationally defined in §1511(b)(1) as being “applications, software, and information technologies that are considered active or operational, but which are judged to no longer be required by the respective Department.” I suspect that that could be more of a security problem than just being out of support.

Cyber Incident Reporting

On Wednesday the Cybersecurity, Infrastructure Protection, & Innovation Subcommittee of the House Homeland Security Committee will hold a hearing on “Stakeholder Perspectives on the Cyber Incident Reporting for Critical Infrastructure Act of 2021”. The witness list includes:

• Ronald Bushar, Mandiant,

• Heather Hogsett, Bank Policy Institute (BPI),

• John Miller, Information Technology Industrial Council (ITI),

• Robert Mayer, USTelecom.

I suspect we will hear lots of ‘voluntary’ and ‘information sharing’ from the witnesses. It will be interesting to see what questions the Members will be asking about reporting mandates.

I have not yet seen a House bill of this title introduced. I suspect that the Subcommittee is in the process of crafting such a bill along the general lines of S 2407.

No comments:

/* Use this with templates/template-twocol.html */