Review - HR 8949 Introduced – C-UAS Authority Extension

Last month, Rep Nadler (D,NY) introduced HR 8949, the Counter-UAS Authority Extension and Transparency Enhancement Act of 2022. The bill would extend the limited authority of DHS and DOJ to undertake counter-drone operations through October 1^st, 2023; that authority expired earlier this month. The bill would make other changes to the C-UAS authority provided under 6 USC 124n

Moving Forward

Nadler is a member of the House Judiciary Committee; two of his cosponsors {Rep Thompson (D,MS) and Rep Katko (R,NY)} are members of the House Homeland Security Committee; and three of his cosponsors {Rep DeFasio (D,OR), Rep Graves (R,MO), and Katko} are members of the House Transportation and Infrastructure Committee, the three committees to which this bill was assigned for consideration. This means that there should certainly be sufficient influence to see the bill considered in the committees.

While this is a complicated bill, I do not see anything that would cause any organized opposition in committee. There is, however, one minor provision that could cause problems in moving this bill to the floor of the House, a change in the definition of ‘appropriate congressional committee’ in §124n(k). Section 2(9)(A) of the bill would remove “the Committee on Energy and Commerce” from that definition. This would adversely affect the prerogatives of the Chair of that Committee and could cause problems for the Leadership. If the fix is already in, then it will not be a problem.

Commentary

I am a little bit concerned about the changes made to the ‘notwithstanding’ clause. It seems to me that removing those protective references would leave DHS and DOJ open to lawsuits by any drone operator whose UAS was interfered with by either agency using signal intercept techniques. On the other hand, I cannot believe that the legal staffs associated with the three Committees would have signed off on this bill if it would put the government at legal jeopardy.

A warrant to intercept (and interfere) with those communications would get the agencies around those legal difficulties but getting such a warrant would require some level of advanced knowledge of the UAS attack. That will likely only be possible in a limited number of cases.

 

For more details about the provisions of the bill, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-8949-introduced - subscription required.

Committee Hearings – Week of 7-10-22

With both the House and Senate in session this week, and both trying to get a lot accomplished before the summer recess starts at the end of the month, there is a moderate load of hearings scheduled for this week. We have the NDAA Rules Committee hearing that I have been talking about in the House. There are two Senate hearings of interest: BIS oversight hearing and a counter UAS hearing. The House version of the NDAA will hit the floor this week and there might be along delayed vote on the cyber forensics bill from last month.

NDAA Hearing

Today, the House Rules Committee will take up HR 7900, the FY 2023 NDAA in a rule hearing. The rule will include two abortion bills and an active shooter bill, so there will be some contentious debates in the House this week. Depending on the order that the bills are taken up, we might not see a final vote on the NDAA this week.

The Rules Committee also announced an amendment deadline for a mini-bus spending bill. It looks like the plan is to combine six of the less controversial spending bills into a single bill to bring to the floor next week. This might allow the Senate to actually take up the bill before the end of the fiscal year, something they have not been able to do in a number of years. The deadline for amendments is Wednesday. The rule hearing will likely be next week.  More on this later.

BIS Oversight

On Thursday, the Senate Banking, Housing, and Urban Affairs Committee will hold an oversight hearing on “Advancing National Security and Foreign Policy Through Export Controls: Oversight of the Bureau of Industry and Security”. The sole witness will be Alan Estevez, DOC’s Under Secretary for Industry and Security. There is a possibility that questions will be asked about cybersecurity export controls, but I expect that the focus will be on sanctions on Russia, China, Iran and North Korea; BIS also manages the details of those programs.

Counter UAS Hearing

On Thursday, the Senate Homeland Security and Governmental Affairs Committee will hold a hearing on “Protecting the Homeland from Unmanned Aircraft Systems”. The witness list includes: 

• Robert Silvers, DHS,

• Brad Wiegmann, DOJ,

• Tonya D. Coultas, FAA

This hearing may be a lead up to legislation reauthorizing the very limited authority that DHS and DOJ have for taking out UAS that endanger a limited number of federal activities. That authorization expires later this year. At the very least there should be an interesting discussion about what changes need to be made to the criminal code to allow wider spread counter UAS actions. 

I do expect that Coultas will be asked about the FAA’s continuing lack of action on the rulemaking on allowing critical infrastructure facilities to ask FAA to be declared ‘No Fly Zones’ for UAS. I expect that a reasonable answer might include the reality that a ‘no fly zone’ with no local enforcement capability is just a waste of time.

On the Floor

As noted above, HR 7900 is scheduled to come to the floor this week in the House, along with three other controversial bills. Fifteen new bills are on the schedule to be considered under the suspension of the rules process, including a cybersecurity bill (HR 7535, the Quantum Computing Cybersecurity Preparedness Act) that I have not covered. Additionally, there should be (well, ‘may be’ is probably a better term) votes on seven bills that were debated last month under the suspension of the rules process, including HR 7174, the National Computer Forensics Institute Reauthorization Act of 2022. There are going to be a lot of late nights in the House this week.

ISCD Publishes CFATS Quarterly – 10-08-19

Last week the CISA Infrastructure Security Compliance Division (ISCD) published the latest version of their Chemical Security Quarterly. Along with a large number of informational links, this version includes articles on:

• CISA Leadership Updates;

• House Hearing on CFATS Reauthorization;

• Close-up on the Personnel Surety Program (PSP);

• National Cybersecurity Awareness Month;

• Chemical Sector Security Summit Presentations;

• Counter Unmanned Aircraft Systems (UAS) Authorities;

PSP

Along with the brief article on the Tier III and Tier IV implementation of the PSP terrorist screening process there is a list of frequently asked questions along with the ISCD response. The article provides a nice high-level (upper management) overview of the PSP while the FAQs provide a deeper (but not too deep) dive into the mechanics of the PSP. Finally, there is a section that includes links to a number of resources on the PSP.

One minor complaint, the Chemical Security Inspectors and Compliance Analysts is a little misleading. It is just an email link to CSAT@hq.dhs.gov. A detailed email to that address will get some sort of appropriate assistance response, but not necessarily from a CSI or compliance analyst.

Counter UAS

An interesting collection of information about UAS operations in or near critical infrastructure; unfortunately, there is nothing that directly concerns counter UAS operations at CFATS regulated facilities. The reason for this is that the legal basis for counter UAS operations is very cloudy with lots of deadly lightning bolts (to extend the ‘cloudy’ metaphor) at this point, again unfortunately, that is not made clear in this article or any of the linked information sites.

CFATS Information Updates

This section provides links to new or revised CFATS resources. In this instance the ‘new resources’ includes links to a Risk-Based Performance Standard (RBPS) 10 web page and fact sheet. This RBPS concerns maintaining all records of maintenance, testing, and calibration of security equipment, as specified in 6 CFR §27.255(a)(4).

This section notes that ISCD has revised their ‘Detect and Delay’ web site and fact sheet. The changes appear to be more editorial than substantive.

I was disappointed to see this update information here and not on the CFATS Knowledge Center page when the changes occurred. The new RBPS 10 information was apparently updated earlier this month so there was no major delay there; but the Detect and Delay information was apparently updated last May. That is hardly timely information sharing. Caveat; I am predicating my ‘timing’ information on the dates provided on the two fact sheets; there are no dates on these (or most of the) ISCD web pages.

Overall Rating – Good Job

I am typically disappointed in publications like this Quarterly report. As I have noted on numerous occasions with other agencies, they are more like Corporate Annual Reports (look how great we are) rather than information sharing efforts. ISCD continues to concentrate on information sharing rather than grandstanding.

I continue to refer to this as the ‘CFATS Quarterly’, but CISA has rebranded this the ‘Chemical Security Quarterly’. Most of the information in this issue is targeted at CFATS facilities, but the UAS article shows that CISA is trying to target this at a larger audience. I applaud them on that effort, we will see how well they expand this outreach in future editions.

S 2836 Reported in Senate – UAS Protection

Earlier this week the Senate Homeland Security and Governmental Affairs Committee published their report on S 2836, the Preventing Emerging Threats Act of 2018. Additionally, the amended version of the bill was also published. The changes to the bill were made during a mark-up hearing conducted by the Committee on June 13^th, 2018.

Additional Protections

The changes made to the bill by the Committee did not make any major changes to the counter-UAS activities that DHS and DOJ are authorized to undertake. There were, however, three new constraints that would have to be considered before conducting counter-UAS activities. DHS and DOJ would be required to {new §210G(a)(2)}:

• Avoid infringement of the privacy and civil liberties of the people of the United States and the freedom of the press consistent with Federal law and the Constitution of the United States, including with regard to the testing of any equipment and the interception or acquisition of unmanned aircraft or systems;

• Limit the geographic reach and duration of the actions to only those areas and time frames that are reasonably necessary to address a reasonable threat; and

• Use reasonable care not to interfere with authorized or non-threatening manned or unmanned aircraft, communications, equipment, facilities or services

Moving Forward

It is unlikely that this bill could be brought to the floor of the Senate using any of the abbreviated consideration options found in the Senate rules. This means that there would almost certainly have to be significant floor debate and provisions for the consideration of amendments. With the constraints of time facing the body prior to the upcoming elections, it is unlikely that this bill will be considered until Congress returns from the battle royale in November. Even then, the chances of this bill making to the floor for a vote are probably low.

Commentary

Some of the ‘changes’ that I reported on in HR 6401 actually come from the revised language in this bill. Actually, the only significant change in the House bill is the language limiting the ‘notwithstanding’ clause in §210G(a)(1). While both bills would provide rather blanket authorization to avoid a wide variety of federal law regarding protections of aircraft and communications, the House language provides more targeted exemptions for specific activities rather than the blanket exemption from KK US criminal statutes found in the Senate bill. I really think that the Senate bill should adopt the House language for that clause.

HR 6072 Introduced – FY 2019 THUD Spending

Last week Rep. Diaz-Balart (R,FL) introduced HR 6072, the Transportation, Housing and Urban Development, and Related Agencies Appropriations Act, 2019. The bill contains no program mentions of specific interest to readers of this blog, but the Committee Report does include mentions of cybersecurity, unmanned aircraft system (UAS), and chemical rail-transportation safety measures.

Cybersecurity

I do not generally comment on Department cybersecurity measures in these spending bills; those are typically IT related programs and I tend to concentrate on control system measures. I am making an exception here because the House Appropriations Committee made a very important cybersecurity observation that deserves wide recognition.

In discussing the Department of Transportation’s cybersecurity initiative, the Committee Report makes the comment that (pgs 28-9):

“DOT operates and oversees significant elements of the critical transportation and information technology infrastructure of the United States. Much of the DOT framework relies upon, and is integrated with, computer networks, computer mediated communications, online databases, and a wide variety of other computer and computer network capabilities. With the increasing interconnectivity and use of Internet-based technologies, new dependencies, relationships, and vulnerabilities are created as are new risks and new threats. Further, DOT’s privileged relationships with state and local governments, and private-sector elements within the transportation community, exposes operational elements of the transportation sector itself to the potential of a cyber compromise.”

This is the first time that I recall a government entity acknowledging that government networks and systems are potential routes of attack against privately owned/operated critical infrastructure. It is both refreshing to hear and breathtaking to consider the scope of that potential threat.

In the discussion of funding for the National Highway Traffic Safety Administration (NHTSA) the Committee report notes (pg 43) that $18 million of the NHTSA vehicle safety research funding is to be targeted “for vehicle electronics and emerging technologies, which includes research of cybersecurity and automated vehicle technologies”.

UAS Concerns

As can be expected the Committee has a number of concerns about the development and regulation of commercial UAS. Generally, the Committee (and much of Congress) is supportive of the increased operations of commercial and recreational drones. There are, however, two separate mentions of directives to develop counter-UAS technologies.

The first revolves around the on-going congressional concern about UAS operations near commercial airports. In the first instance the commends the FAA to (pgs 28-9) “promote research and demonstration activities for counter unmanned aircraft systems (CUAS) to protect airports and the national airspace (NAS)”. The Committee notes that these activities should be ‘nonkinetic’ and focus on the “capabilities to identify, monitor and track the UAS and UAS handset operator”.

The second focuses on another long standing congressional concern about the operation of UAS in and around fire-fighting scenes. The Committee directs the FAA (pg 29) “to develop

systems to detect and mitigate unauthorized UAS that interfere with firefighting efforts in our nation”. The Committee goes on to outline the requirements of such a system; the system should be able to:

• Detect, identify and track both the air vehicle and ground controller;

• Must be controlled by an entity that is independent from and would not be dependent on compliance by the UAS manufacturer or the UAS user/operator;

• Would have the capability to adapt to fluid borders;

• Differentiate between legitimate firefighting UAS and unauthorized UAS; and

• Not interfere with essential first responder communications systems

No specific funding for such system development was mentioned. This is in the preliminary stages and just requires an initial report to Congress within 120 days.

Chemical Rail Transportation Safety

The Committee Report addresses two long standing congressional concerns about topics under the proviso of the Federal Railroad Administration (FRA); safe transportation of energy products and positive train control (PTC).

In its discussions about the FRA’s Safety and Operations budget the report notes that the Committee is specifically allocating $2 million (pg 49) “for FRA’s safe transport of energy products programs, which include crude oil safety inspectors, safety route managers and tank car quality assurance specialists, tank car research, and increased mileage of ATIP [automated track inspection program] on routes that carry energy produces.”

The Committee is also targeting $10 million for the FRA’s PTC support program; noting that the FRA (pg 29) “expects to review up to 15 additional PTC plans from railroad companies in fiscal year 2019”.

Moving Forward

This bill will move the floor of the House in the coming weeks. The votes (see pages 170-5 in the Committee Report for the specific votes) in Committee indicate that there is significant opposition from the Democrats to some specific provisions of the bill, but there is some limited bipartisan support for the bill as a whole. Regardless, the bill will be brought to the floor under a structured rule with a large, but controlled number of floor amendments to be considered. The bill will almost certainly pass in the House.

The Democratic opposition would prevent this bill from being considered in the Senate were it not for the fact that the Senate will take up this bill and immediately amend it with substitute language from S 3023 which had strong bipartisan support in Committee. That version of the bill, after additional floor amendments will pass with bipartisan support. A conference committee will work out the discrepancies between the two bills.

Commentary

Interestingly there is no mention in either HR 6072 or Committee Report on the bill of the congressional concern with the slow pace of rulemaking on revisions to the Comprehensive Oil Spill Response Plan requirements for railroads. Readers will remember that the Senate Appropriations Committee included a ‘$1000,000 per day’ fine on PHMSA for not completing that rulemaking within 45 days of the passage of the THUD spending bill.

While there is not specific support for such a fine in the House bill, I do not suspect that there would be any strong opposition to including that fine in conference.