I did not mention in my earlier post that the Senate Homeland Security and Governmental Affairs Committee would include consideration of S 2540, the CISA Technical Corrections and Improvements Act of 2021, in their business meeting on Wednesday. I have not covered this bill in this blog because it is one of those housekeeping bills that is generally of interest to editors and lawyers. But, today, it was pointed out to me that this bill also contains something near and dear to my heart, changes to definitions.
Moving Forward
This bill will be considered by the Senate Homeland Security and Governmental Affairs Committee on Wednesday. I suspect that the problems identified above will be corrected by an amendment in the form of a substitute. Or they could just send the bill back to the Staff to get the bugs worked out.
Commentary
I am disappointed that with all of the convoluted changes being made by this bill, there were no real changes being made to the inadequate cybersecurity definitions used throughout 6 USC. The current definitions do not adequately address, or even include in some cases, the peculiar cybersecurity needs of operational technology. Admittedly, this is a pet peeve of mine that I addressed at some length here. But someone needs to take the time to look at these definitional shortcomings, and this bill probably would have been a good place to do that.
For more details on the definitional changes being made, and
the problems with those changes, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/s-2540-cyber-definitions
- subscription required.
No comments:
Post a Comment