Last month, Sen Cornyn (R,TX) introduced S 5064, the Protecting Investments in Our Ports Act. The bill would amend 46 USC 54301 to require grantees under the Port Infrastructure Development Program that are using their grant to acquire digital infrastructure or software to have an approved security plan that “that addresses the cybersecurity risks of such digital infrastructure or software”. No funding would be authorized by this proposed legislation.
Moving Forward
Cornyn is not a member of the Senate Commerce, Science, and Transportation Committee to which this bill was assigned for consideration, but his sole cosponsor {Sen Peters (D,MI)} is a member of the Committee. This means that there may be sufficient influence to see the bill considered in Committee. I do not see anything in the bill that would engender any organized opposition. I suspect that the bill would receive some level of bipartisan support.
Commentary
At first glance this is a motherhood and apple pie bill. If the government is going to be funding digital infrastructure, they sure ought to require that the grantees protect that investment with some minimum level of cybersecurity protection. And this would not require any new bureaucratic organization to oversee that requirement, the bill relies on the existing Maritime Transportation Security Act (MTSA) bureaucracy to oversee the requirement.
There is one problem though, there is no guarantee that an
entity receiving a grant under §54301 is an MTSA covered facility that is
required to have a security plan under §70103(c). In fact,
§54301(a)(3)(A)(i)(II) allows for grants for projects “outside the boundary of
a port, but is directly related to port operations or to an intermodal
connection to a port”. An ‘outside the boundary of a port’ entity would not be
covered under §70103(c).
For more details about the provisions of this bill, and a
proposed fix for the problem identified in my commentary, see my article at
CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/s-5064-introduced
- subscription required.
No comments:
Post a Comment