Monday, October 4, 2021

Committee Hearings – Week of 10-3-21

This week the Senate will be in Washington and the House will be holding hearings mostly remotely. A fairly lite slate of hearing, with just two of interest here. First a hearing on ‘data security’ and second a markup hearing with two cybersecurity bills.

Data Security

The Senate Commerce, Science, and Transportation Committee will hold a hearing on “Enhancing Data Security” on Wednesday. The witness list includes:

• James E. Lee, Identity Theft Resource Center,

• Jessica Rich, Of Counsel, Kelley Drye,

• Edward W. Felten, Princeton University,         

• Kate Tummarello, Engine

I do not normally cover ‘information security’ here, but the description of the Committee web site makes this sound fairly comprehensive:

“This hearing is the second in a series examining the growing urgency to protect consumer privacy and safeguard our data, as well as the need to ensure the Federal Trade Commission is equipped with the authorities and resources to fight digital harms and hold bad actors accountable for increasing privacy violations, data breaches, internet scams, ransomware assaults and other harmful data abuses. The hearing will address major recent cybersecurity incidents, the impact of data breaches on consumers and businesses, and the current state of commercial data security practices.”

I do not really expect that there will be any discussion of control system security issues, but the ransomware discussions may touch on them.

Markup Hearing

On Wednesday the Senate Homeland Security and Governmental Affairs Committee will be holding a business meeting. The agenda reports that, in addition to seven nominations considerations, five markups will be held that include two cyber security bills:

• S 2875, Cyber Incident Reporting Act of 2021, and

• A yet to be introduced, Federal Information Security Modernization Act of 2021.

I have not yet seen the official language for S 2875. It is, however, one of the cyber incident reporting bills that are under consideration in Congress. According to news reports (here, for example) this has a 24-hour reporting deadline. As always though, the devil is in the details. I suspect that the GPO will publish this bill today or tomorrow, so I may be able to review it before the hearing. The second bill is almost certainly an update to the current FISMA program.

No comments:

/* Use this with templates/template-twocol.html */