Last month, Sen Hickenlooper (D,CO) introduced S 513, the Insure Cybersecurity Act of 2023. The bill would require the Department of Commerce to convene an interagency working grout to look at issues related to cyber insurance. Once a report from the working group is produced, DOC would be required to provide the public with “informative resources for cyber insurance stakeholder”. No funding is authorized by this bill.
Moving Forward
Both Hickenlooper and his sole cosponsor {Sen Capito (R,WV)} are both member of the Senate Commerce, Science and Transportation Committee to which this bill was assigned for consideration. This means that there should be sufficient influence to see the bill considered in Committee. I see nothing in the bill that would engender any significant opposition. I expect that the bill would receive bipartisan support.
The bill is not ‘important’ enough to be considered on the floor of the Senate under regular order. I suspect that the bill could be considered under the Senate’s unanimous consent process, but you never can tell what unrelated opposition could lead to an objection under that process.
Commentary
This bill makes no attempt at establishing any regulatory framework for cybersecurity insurance, which would probably be the death knell of bill currently containing such provisions. The crafters of this bill did do Congress a disservice, however, when they did not take advantage of this working group to outline what future regulation legislation might look like. I would have added the following subparagraph (K) to Section 3(c)(1):
“(K) Identify any regulatory frameworks that may have been proposed to govern the issuance of cyber insurance.”
For more details on the requirements of this legislation,
including the proposed activities of the working group, see my article at CFSN
Detailed Analysis - https://patrickcoyle.substack.com/p/s-513-introduced
- subscription required.
No comments:
Post a Comment