Monday, October 7, 2024

Review – S 5064 Introduced – Port Cybersecurity Plans

Last month, Sen Cornyn (R,TX) introduced S 5064, the Protecting Investments in Our Ports Act. The bill would amend 46 USC 54301 to require grantees under the Port Infrastructure Development Program that are using their grant to acquire digital infrastructure or software to have an approved security plan that “that addresses the cybersecurity risks of such digital infrastructure or software”. No funding would be authorized by this proposed legislation.

Moving Forward

Cornyn is not a member of the Senate Commerce, Science, and Transportation Committee to which this bill was assigned for consideration, but his sole cosponsor {Sen Peters (D,MI)} is a member of the Committee. This means that there may be sufficient influence to see the bill considered in Committee. I do not see anything in the bill that would engender any organized opposition. I suspect that the bill would receive some level of bipartisan support.

Commentary

At first glance this is a motherhood and apple pie bill. If the government is going to be funding digital infrastructure, they sure ought to require that the grantees protect that investment with some minimum level of cybersecurity protection. And this would not require any new bureaucratic organization to oversee that requirement, the bill relies on the existing Maritime Transportation Security Act (MTSA) bureaucracy to oversee the requirement.

There is one problem though, there is no guarantee that an entity receiving a grant under §54301 is an MTSA covered facility that is required to have a security plan under §70103(c). In fact, §54301(a)(3)(A)(i)(II) allows for grants for projects “outside the boundary of a port, but is directly related to port operations or to an intermodal connection to a port”. An ‘outside the boundary of a port’ entity would not be covered under §70103(c).

 

For more details about the provisions of this bill, and a proposed fix for the problem identified in my commentary, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/s-5064-introduced - subscription required.

Posted by at
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)
 
/* Use this with templates/template-twocol.html */