Last month, Rep Carbajal (D,CA) introduced HR 5758, a bill to establish in the National Nuclear Security Administration (NNSA) a Cybersecurity Risk Inventory, Assessment, and Mitigation Working Group. The bill would amend Subtitle A of title XXXII of the National Defense Authorization Act for Fiscal Year 2000 (PL 106–65) adding a new §3222, Cybersecurity Risk Inventory, Assessment, and Mitigation Working Group. It would require the establishment of a Working Group to “prepare a comprehensive strategy for inventorying the range of National Nuclear Security Administration systems that are potentially at risk in the operational technology and nuclear weapons information technology environments, assessing the systems at risk, and implementing risk mitigation actions.” No new funding is authorized by the legislation.
Moving Forward
Carabajal and his two cosponsors {Rep Bacon (R,NE) and Rep Gallagher (R,WI)} are all members of the House Armed Services Committee to which this bill was assigned for consideration. This means that there may be sufficient influence to see this bill considered in Committee. I see nothing in this bill that would engender any organized opposition. I suspect that it would receive substantial bipartisan support in Committee, enough bipartisan support for the bill to move to the floor of the House under the suspension of the rules process. That would allow for limited debate and no floor amendments, but it would require a supermajority for passage.
Substantially the same language as is found in this bill was
included as §3113 of HR 2670,
the NDAA for 2024, as passed
in the House, but it was not included in the version of the bill passed
in the Senate. Carabajal apparently has concerns about the provisions being
included in the version of the bill that will eventually be reported by the
conference committee. In any case, I do not expect any action to be taken on
this bill until HR 2670 comes back to the House.
For more details about the provisions of this legislation,
see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-5786-introduced
- subscription required.
No comments:
Post a Comment