Showing posts with label HR 3608. Show all posts

Thursday, July 15, 2021

Review - HR 3608 Introduced - Improving Contractor Cybersecurity Act

Back in May, Rep. Lieu introduced HR 3608, the Improving Contractor Cybersecurity Act. The bill amends 41 USC by adding a new §4715, "Vulnerability disclosure policy and program required". It would require all federal information technology contractors to maintain a vulnerability disclosure policy and program.

Lieu is not a member of the House Oversight and Reform Committee to which this bill was assigned for consideration. This means that the Committee is unlikely to take up this bill. I suspect that there would be substantial opposition to this bill from business interests supported by Republican members of the House, and frankly many Democratic members as well. If the bill were considered in Committee, I would not be surprised if there were insufficient votes to see it adopted as introduced.

For a more detailed analysis of the bill requirements and my observations on the problems with the language, see my analysis at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-3608-introduced - subscription required.

Saturday, May 29, 2021

Bills Introduced – 5-28-21

Yesterday, with the Senate in Washington and the House meeting in pro forma session, there were 107 bills introduced. Three of those bills may receive additional coverage in this blog:

HR 3594 To authorize appropriations to the Department of Transportation for surface transportation research, development, and deployment, and for other purposes. Rep. Johnson, Eddie Bernice [D-TX-30]

HR 3599 To establish a Federal rotational cyber workforce program for the Federal cyber workforce, and for other purposes. Rep. Khanna, Ro [D-CA-17]

HR 3608 To amend title 41, United States Code, to require information technology contractors to maintain a vulnerability disclosure policy and program, and for other purposes. Rep. Lieu, Ted [D-CA-33]

I will be watching HR 3594 for language and definitions that would indicate that there are cybersecurity research programs included in the coverage.

I will be watching the other two for language and definitions that would include control system security in the covered activities.

 