Last month, Sen Cornyn (R,TX) introduced S 1903, the Cranes of Concern at our Ports (CCP) Act. The bill would require the Director of National Intelligence to “conduct an assessment of the threat posed to United States ports by cranes manufactured by countries of concern and commercial entities of those countries”. A report to Congress is required. No funding is authorized by this legislation.
Moving Forward
Both Cornyn and his sole cosponsor {Sen Heinrich (D,NM)} are members of the Senate Intelligence Committee to which this bill was assigned for consideration. This means that there may be enough influence to see the bill considered in Committee. I see nothing in the bill that would engender any organized opposition to the bill. I suspect that there would be substantial bipartisan support for the bill in Committee. There is a good chance that the bill could be successfully considered under the Senate’s unanimous consent process, otherwise the only way that this bill could make it through the legislative process would be as part of a larger (preferably must pass) legislation.
Commentary
While I think that it should be clear to anyone that has been paying attention that the threat mentioned in this bill is a cybersecurity threat, I think that spelling out that intent would be an important addition to this bill. To that end, I would suggest adding to the following to the end of Sec 2(b):
“…. That assessment should address at a minimum:
“(1) The current capabilities of vendors or agencies of the country of concern to monitor information produced by, stored in, or transiting computer systems and control systems associated with cranes used at ports in the U.S.;
“(2) The current capabilities of vendors or agencies of the country of concert to make changes to the real-time operation of the computer systems and control systems associated with cranes used at ports in the U.S.;
“(3) The current capabilities of vendors or agencies of the country of concern to remotely update, software or firmware of computer systems and control systems associated with cranes used at ports in the U.S. without the knowledge or consent of the port operator;
“(4) The currently known cybersecurity vulnerabilities associated with major components of computer systems and control systems associated with cranes used at ports in the U.S.;
“(5) A listing of internet facing systems used in computer systems and control systems associated with cranes used at ports in the U.S.; and
“(6) Other items that the Director deems necessary and/or appropriate.”
No comments:
Post a Comment