Earlier this week, Rep Eshoo (D,CA) introduced HR 6541, the Improving Cybersecurity of Small Businesses, Nonprofits, and Local Governments Act. The bill would require CISA to prepare an annual report for cybersecurity for small entities and to promote the report to potentially affected small entities. The report required by this bill would be similar to the guidance required by S 2483. No funding is authorized by this bill.
The bill would amend the Homeland Security Act of 2002 by adding a new §2220D, Annual Cybersecurity Report for Small Entities.
Moving Forward
Eshoo is not a member (nor are her two cosponsors) of the House Small Business Committee to which this bill was assigned for consideration. This means that there is little chance that this bill will be taken up by the Committee. If the bill were considered, I suspect that it would receive bipartisan support.
Commentary
This bill continues the congressional trend for ignoring the existence of operational technology as it may be affected by cybersecurity concerns. The definition of ‘electronic device’ is limited to those devices “capable of sending, receiving, or processing personal information.” Small entities as described in this bill could be expected to employ operational technology in manufacturing, building control systems, transportation systems or security systems. Cyberattacks on those systems could cripple the organization as much as an attack on information systems.
The report required in this bill could be expanded to include cybersecurity of operational technologies by modifying subparagraph (C) of the definition of ‘electronic device’ to read:
(C) capable of:
(i) sending, receiving, or
processing personal information, or
(ii) monitoring or controlling manufacturing, building environmental, transportation, or facility security systems.
For more information on this bill, including a listing of
report requirements, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-6541-introduced
- subscription required.
No comments:
Post a Comment