HR 2219 – Senate Language Changes – DOD Appropriations

Well, I finally had a chance to review the Senate substitute language for HR 2219, the Department of Defense Appropriations Act, 2012. While there are wholesale changes in the Senate language they have no appreciable effect on the cyber security provisions of the bill because there were no such provisions in the House language and there are none in the Senate language. Cyber security still remains a miniscule part of the DOD budget.

The cyber security provisions from the House Report on the bill that I discussed in an earlier blog will still apply to DOD, almost regardless of what happens on the Senate floor or in Conference. The various reports to Congress will still have to be made unless DOD wants to incur the wrath of an Appropriations Committee scorned. Fortunately for DOD there are no additional cyber security reports required in the Senate Report on this bill.

We'll see what happens when this comes to the Senate Floor.

House Passes HR 2219, the FY 2012 DOD Appropriations Bill

On Friday, the full House, after three days of floor amendments, passed the FY 2012 DOD appropriations bill in a decidedly bipartisan manner; 336 to 87. Over half of the Democrats in the House voted for the bill (112-75) and there were 12 Republicans voting against the bill

No further homeland security or cyber security measures were brought to the floor. The two amendments that I discussed in the previous blog on this bill were not submitted for actual consideration.

This means that, for homeland security or cyber security purposes, this bill remains essentially the same as I described in my post on the Appropriations Committee report on the bill.

Senate Inaction

This bill will move to the Senate for consideration, hopefully before the start of the 2012 fiscal year on October 1st. Typically the Senate would substitute language from their own version of the bill to start the consideration process. The Senate Appropriations Committee has not yet published even a draft sub-committee version of their bill yet.

I suspect that the main reason for the delay is the continuing discussions on the debt limit extension. Since there will apparently be some sort of spending cuts included in the final deal, it probably makes sense for the Senate to hold off. This is especially true since the cuts in their version of the bill will probably be significantly different than those found in the House passed bill.

HR 2219 Floor Consideration – Wednesday 7-6-11

Over the last two days the House has been spending considerable time working on the DOD spending bill, HR 2219. The late hours that the House has been keeping on this bill have been delaying the publication of the Congressional Record so I’m about a day behind looking at the progress of the bill for effects on homeland security issues.

Wednesday – Action on Amendments

In Wednesday’s session only one amendment concerning homeland security issues was considered. The amendment by Rep. Clarke (D, MI) that I discussed in an earlier blog transferring DOD funds to DHS was brought up on the floor by Mr. Clarke. As I predicted a point of order was raised against this amendment because of the rule against transferring money to or from the funds designated as being for spending on the Global War on Terrorism (GWOT). No effort was made to overturn the Chair’s upholding of the point of order.

Wednesday – New Homeland Security Amendments

House members are encouraged to publish their intended amendments to this bill in the Congressional Record, allowing advanced review of the amendments by staff so that Members can make a more informed vote when the amendment is actually submitted on the floor. Wednesday’s Congressional Record contained a number of new amendments; two of which may be of interest of to the homeland security community and one of those is actually cyber security related.

First the cyber security amendment; Rep. Lipinski (D, IL) published amendment #91 that adds a new section to the bill that would read:

“None of the funds made available by this Act may be used by the Department of Defense to replace an information technology system that stores classified information in the United States with an information technology system that stores such classified information outside the United States.”

I’m not sure what this means unless there is some plan currently under consideration that would use a server farm outside of the US to replace an aging facility in the United States (one would expect in Illinois). From a security perspective the physical location of a server farm is really only of concern because of physical security issues. One would assume that DOD would do as good a job of providing physical security for facilities overseas as they would here in the States. I would expect that the most likely location for an overseas server farm would be at the US facility in Diego Garcia and I doubt that you could get a more secure physical location; not much in the way of commercial travel to that island facility.

The other homeland security related amendment was amendment #76 submitted by Rep. Shuler (D, NC) which would also add a new section to HR 2219 that would read:

“None of the funds made available in this Act may be used to restrict cooperation between employees of the Department of Defense and employees of the Department of Homeland Security.”

This is another one of those vague amendments that makes little or no sense on first reading; in this case on second and third reading as well. How could one vote against such a ‘motherhood and apple pie’ amendment?

If or when these amendments are actually offered on the floor we may get additional information when the member uses their allotted 5 minutes of discussion to urge a positive vote on the amendment.

Congressional Hearings Week of July 4th

Both Houses of Congress will be in session this week but there are no committee hearings scheduled that will be of specific interest to the chemical security or cyber security communities. There are lots of House hearings, but nothing of specific interest. The Senate was not originally scheduled to be in Washington this week so there are very few hearings scheduled for that body’s Committees.

The big thing to watch this week from a security perspective will be the Full House consideration of HR 2219. The House will meet in proforma session today which will allow for additional filing of amendments to HR 2219 that may be considered in the two days of debate that the House leadership currently has scheduled for the DOD Appropriations Bill. Roll call votes tomorrow will be held until the evening and the Majority Leader’s web page warns: “Members are advised that the 6:30 p.m. vote series is expected to last longer than usual.”

HR 2219 Amendments

The House session ended early Friday afternoon and there was no debate on HR 2219, the Department of Defense Appropriations Act, 2012 before the House adjourned for a very long weekend. They will resume consideration when they return from their July 4th ‘weekend’. There were, however, more proposed amendments to that bill published in Friday's Congressional Record for that bill. One of those amendments had potential homeland security implications, but nothing to do with cyber security.

Rep. Clarke (D, MI) proposed amendment #37 that would transfer $2 Billion from the Afghanistan Security Forces Fund (pg 135) to the “State Homeland Security Grant Program under section 2004 of the Homeland Security Act of 2002 (6 U.S.C. 605)”.

I don’t think that this amendment will actually come to a vote on the floor, even if it is actually proposed by Mr. Clarke. House Resolution 320, the rule for the consideration of HR 2219, prohibits {§2(a)(1)} the transfer of funds to or from the funds designated as being for the global war on terrorism pursuant to section 301 of H. Con. Res. 34 (112th Congress). The Afghanistan Security Forces Fund is clearly identified GWOT funding and the State Homeland Security Grant program is not.

If it is introduced, Mr. Clarke would get his five minute speech then someone from the leadership would ‘raise a point of order’ against the amendment and the House would move on to the next amendment.

As I noted earlier, the House will take up HR 2219 when they return from their extended 4th of July weekend. There is a possibility that there might be more amendments published to HR 2219 during the two pro-forma sessions that will be held this week. I’ll be watching.

HR 2219 – DOD Appropriations – Open Rule

Yesterday the House Rules Committee met to consider the rule for the management of the floor debate on HR 2219, the Department of Defense Appropriations Act, 2012. As expected, the rule, H Res 320, provides for the same type of open rule as seen this year in other appropriations bills. During the paragraph by paragraph reading of the bill, any member may propose an amendment to that paragraph under a 5 minute rule.

This afternoon the House approved H Res 320 by a vote of 251 to 173. The first hour of general debate on the bill was held this evening just before the House concluded their regular legislative day. The reading of the bill and the associated amendment process will probably start tomorrow.

I have checked the amendments printed in yesterday’s Congressional Record (pgs H4460 thru 61) and could not find any that related to cyber security matters. More amendments will be printed in today’s Record (available early tomorrow morning) and more will continue to be filed while the debate continues. Of course, the amendments don’t have to be published in the Record prior to their being proposed, but most are.

In any case, I’ll be watching the results and will report on any cyber security related amendments considered by the House.

HR 2219 Report – More Cybersecurity Reports

Today the GPO had the report of the House Appropriations Committee on HR 2219 available on-line. I was correct in the supposition in my earlier blog on this bill that the report would contain references to military cyber defense/security operations. The requirements include reports to Congress and changes in the way that the cybersecurity budget is included in the overall DOD Budget.

Report to Congress

As we have come to expect from these Committee reports, the Committee directs the Commander of the Cyber Command to prepare a detailed report on the planned scope of operations of that command. Some of the items that the Committee is requiring to be addressed in the report (pages 207-8) include:

● The goals of the cyber initiative, including cyberspace operations;

● Computer network operations;

● Information assurance;

● The full spectrum cyber operations for the Department of Defense and the Services;

● The organizational structure and responsibilities for each of the participants; and

● The various programs and initiatives in the Department of Defense and the Services that are supporting the cyber goals outlined.

There is nothing that specifies that this report should be unclassified with classified annexes as appropriate. I think we should assume that DOD will ensure that the report is classified. This will help to insure that the distribution is even more limited than most reports to Congress.

Interestingly, there is no mention of how DOD and DHS will work together in overseeing the general cybersecurity of the country. Nor is there any specific mention of control systems issues.

Accounting Change

The Report recommends a change to the way that cybersecurity operations are listed in the DOD budget. They recommend that DOD elevates cyber security operations to “a virtual Major Force Program (MFP) to better coordinate and track the budgets related to cyber activities” (page 208). This would make cyber security/defense spending a readily distinguishable part of the budget process.

Information Sharing

The Committee also expressed their concerns about the Department’s ability to share cyber threat information with the portion of the private sector supporting DOD activities, the Defense Industrial Base. The Committee is concerned that the Department’s reliance on classified threat information makes this information impossible to share with large segments of the supplier base due to the dearth of security clearances available to many of these commercial organizations.

To resolve this issue, the Committee directs the preparation of yet another report to Congress. This report would address “the collaboration and sharing of sensitive but unclassified [SBU] threat information across the entire Defense Industrial Base, including any plans to leverage commercially available services that meet federally mandated security requirements” (pg 208).

Unfortunately, the Committee failed to address the underlying issue that most threat information is still contained in classified documents that cannot be shared through this means. The report should have also addressed the question of requiring the production of SBU versions of all cyber threat intelligence reports.

House Rules Committee Hearing

On a slightly separate note, the House Rules Committee web site today announced that the hearing on HR 2219 will be held on Wednesday evening. That would allow for the House to begin considering this appropriations bill as early as Thursday. I’m sure that we will see another open rule with wide spread floor amendments. Lots of amendments means long hours this week if the House leadership intends for this to be completed this week.

Congressional Hearings Week of 6-20-11

Two weeks in a row with both houses of Congress in Washington, what a concept. The hearing schedule is beginning to reflect the approach of the summer vacation period with lots of increased activity with seven hearings this week of potential interest to the chemical and cyber security communities. As I mentioned yesterday there will be a markup of HR 901; additionally there will be two cyber security hearings, a budget hearing, a rail security hearing, a suspicious activity reporting immunity hearing and the political favorite, a WMD hearing. There will also probably be a House Rules Committee hearing on the rule for HR 2219 that I mentioned last night.

Cyber Security

Two different committees will be looking at the Obama Administration’s cybersecurity proposal. On Tuesday the Subcommittee on Crime and Terrorism of the Senate Judiciary Committee will hold their hearing with witnesses scheduled from the Department of Justice, DHS-NPPD, and the National Institute of Standards and Technology.

On Friday the Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies of the House Homeland Security Committee will hold their hearing on the subject. There is no witness list available yet for this hearing.

As I noted in an earlier blog, there are significant a control systems provisions in the President’s cybersecurity proposal, but that is no guarantee that they will even be mentioned in these hearings. The inclusion of NPPD and NIST witnesses does provide the possibility that this topic will be covered in the Senate hearing, but a lot will depend on the questioning from the Senators. Being a Judiciary Committee panel, I don’t hold out a lot of hope for the Senate hearing, but I do expect a better chance of substantive covereage of control systems security issues in Friday’s hearing.

Coast Guard Budget

The Oceans, Atmosphere, Fisheries, and Coast Guard Subcommittee of the Senate Commerce Committee will be holding an oversight and budget hearing on Thursday looking at the Coast Guard. This is kind of late in the season for a budget hearing, but the Senate is way behind the House in the budget process this year. I doubt that there will be much in the way of MTSA coverage in this hearing. No witness list is currently available, but we can certainly expect the Commandant to be on hand.

Rail Security

The Senate Homeland Security and Governmental Affairs Committee will be holding a hearing on Wednesday looking at rail security operations. The recovery of information from the Bin Laden compound indicating an interest in attacking rail targets on the 9/11 anniversary is bringing some attention to this neglected area. If last week’s hearing before the Senate Commerce Committee is any indication, there will be no substantive discussion of the existence of a freight rail threat; but we can always hope. Those hopes are partially dashed by the fact that there is no railroad witness on the current witness list.

See Something Say Something

The Subcommittee on the Constitution of the House Judiciary Committee will be holding a hearing on HR 963, the See Something, Say Something Act of 2011, on Friday. This is bill introduced by the Judiciary Committee Chair to provide immunity to people making good-faith suspicious activity reports. There are no witnesses currently listed for this hearing.

WMD

Late last session Rep. King (R, NY) introduced HR 5057 that dealt with defenses against terrorist uses of weapons of mass destruction. King’s bill focused almost exclusively on nuclear and biological weapons to the exclusion of chemical weapons. That bill is apparently pending re-introduction and will be the subject of a hearing before the Cybersecurity, Infrastructure Protection, and Security Technologies Subcommittee of King’s Homeland Security Committee on Thursday.

HR 2219 Introduced – FY 2012 DOD Appropriations

This week Rep. Young (R, FL) introduced HR 2219, the Department of Defense Appropriations Act, 2012. I’m going to be watching this legislation because of the shared responsibility DHS and DOD have for cyber security matters.

In reviewing the bill I could find no specific mention of cyber security programs which is not unexpected due to the relatively low level of expenditures to be expected for such programs. There may be more information available in the Committee Report from the House Appropriations Committee (HR 112-110), but that report is not yet available from the GPO.

This bill may be taken up this week in the House, again under an open rule. The House Rules Committee has not yet set a date for their hearing to develop the rule for the consideration of this bill by the whole House.