Earlier this month, Rep Slotkin (D,MI) introduced HR 7174, the National Computer Forensics Institute Reauthorization Act of 2022. The bill would reauthorize the Secret Service’s NCFI through 2032 and expand the scope of responsibilities for the Institute. It would make several changes to 6 USC 383, including adding a list of definitions of key terms. The bill does not include authorization for expenditures to support these changes.
Moving Forward
Slotkin and a number of her 14 cosponsors {including Chairman Thompson (D,MS) and Rep McCaul (R,TX)} are members of the House Homeland Security Committee to which this bill was assigned for consideration. This means that there is certainly sufficient influence to see this bill considered in Committee. This bill will certainly be approved in Committee by a substantial bipartisan majority. The bill will likely be considered in the full House under the suspension of the rules process.
Commentary
The addition of the three definitions to the bill ensures that control system security issues fall within the scope of the NCFI. But it does point out once again that there is a disconnect in cybersecurity definitions in the US Code. Here, for example, the bill uses the control system inclusive definition of the term ‘information system’ while also defining the term ‘incident’ by reference to a section of 6 USC that uses the IT restrictive definition of that term. Technically, that means that in this section wherever the term ‘information system’ is used it includes control systems, but where the term ‘incident’ is used control systems are excluded. I have discussed this problem many times before, but most explicitly here.
For more details on the provisions of this bill, including a look at the expanded responsibilities for NCFI, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-7174-introduced - subscription required.