Review - S 2016 Reported in Senate – Surface Transportation Investment

Earlier this month, the Senate Commerce, Science, and Transportation Committee reported (without written report) S 2016, the Surface Transportation Investment Act of 2021. The Committee adopted substitute language in a markup hearing on June 16^th, 2021. The reported version of the bill contains 19 new sections including §2425, Requirements for railroad freight cars placed into service in The United States. That section contains language restricting the sourcing of sensitive electronic components of freight railcars.

As I mentioned in my earlier post, this bill was included in the substitute language for HR 3684 that was considered by the Senate and subsequently the House and then signed into law by the President. The provision described above was included in that bill as §22425. I overlooked that section in my discussions of the Senate action on HR 3684.

In any case, there will be no further action on this bill.

For more details on the provisions of §2425, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/s-2016-reported-in-senate  - subscription required.

Review - HR 3684 Passed in House – FY 2022 Infrastructure Bill

Last Friday the House finally got around to passing HR 3684, the Infrastructure Investment and Jobs Act, by a slightly bipartisan vote of 228 to 206. With the complexity of the bill and the large amounts of money involved, this is a good time to re-look at the cybersecurity provisions in the bill.

The bill includes language from six separate pieces of cybersecurity legislation.

S 914, the Drinking Water and Wastewater Infrastructure Act of 2021, in §50113,

S 1316, the Cyber Response and Recovery Act of 2021, in §70601,

S 1400, the PROTECT Act of 2021, in §40123,

S 2199, the Cyber Sense Act of 2020, in §40122,

S 2585, the State and Local Cybersecurity Improvement Act, in §70611, and

HR 2931, the Enhancing Grid Security through Public-Private Partnerships Act, in §40121.

It also contains two new standalone cybersecurity provisions in the Energy Division of the bill. Additional (over the current annual spending) cybersecurity spending is authorized for four agencies of the federal government. Finally, there are 23 separate instances where cybersecurity mentions are made in other provisions of the bill

For more details about those provisions, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-3684-passed-in-house - subscription required.

 

Bills Introduced – 10-28-21

Yesterday, with both the House and the Senate preparing to leave Washington for the weekend, there were 70 bills introduced. While none of the bills will receive future coverage in this blog, I do want to mention one in passing:

HR 5763 To provide an extension of Federal-aid highway, highway safety, and transit programs, and for other purposes. Rep. DeFazio, Peter A. [D-OR-4]

This bill provides a short-term extension of the various surface transportation programs that would normally be covered by a surface transportation authorization bill, one of the annual must-pass bills that Congress is supposed to deal with every year. This year, the surface transportation bill is HR 3684, the large spending bill that has been intertwined with the so-called build back better bill (HR 5376). There has still not been an agreement reached on the wording of the BBBB (though it looks like a scope of the bill may have been ironed out).

HR 5763 was necessary because the previous short-term extension (HR 5305) is due to expire on Sunday. This bill extends the deadline for passage of HR 3684 until December 3^rd, the same date set for the passage of a spending bill for the federal government. So, December 3^rd will become an even more important date for political pundits to point at with concern.

HR 5763 passed yesterday in both the House and Senate. The President will probably sign it while he is out-of-town for the global climate conference.

Committee Hearings – Week of 10-24-21

This week, with both the House and Senate in Washington, there will be a full slate of hearings in both bodies. There are two hearings of note here; a markup hearing and a hearing on transportation cybersecurity.

Markup Hearing

On Tuesday, the House Homeland Security Committee will hold a markup hearing looking at 12 pieces of legislation.

HR 5616, “DHS Basic Training Accreditation Improvement Act of 2021”,

HR 5658, “DHS Roles and Responsibilities in Cyber Space Act”, and

S 658, "National Cybersecurity Preparedness Consortium Act of 2021",

I have not yet published reviews of HR 5616 and HR 5658. While HR 5616 does not appear to affect chemical security inspector training, it could have future impact on cybersecurity law enforcement teams that could be developed within CISA or TSA. HR 5658 is a ‘report to Congress’ bill that may inform future cybersecurity legislative efforts. S 658 passed in the Senate in July and I do not expect any significant amendments in this week’s hearing.

Transportation Cybersecurity

On Tuesday the Subcommittee on Cybersecurity, Infrastructure Protection, and Innovation of the House Homeland Security Committee will hold a hearing on “Transportation Cybersecurity: Protecting Planes, Trains, and Pipelines from Cyber Threats.” The witness list includes:

• Suzanne Spaulding, Center for Strategic & International Studies,

• Patricia F.S. Coswell, Guidehouse,

• Jeffrey L. Troy, Aviation Information Sharing and Analysis Center, and

• Scott Dickerson, Maritime Transportation System Information Sharing and Analysis Center

Commentary - It is disappointing to see this industry only panel without having the TSA Administrator providing some insight into what that agency is trying to do with the limited resources it currently has available.

On the Floor

According to the House Majority Leader’s web site, we may actually see a vote on HR 3684, the Infrastructure Investment and Jobs Act. There is a lot of new cybersecurity program language and funding tied up in that bill. This is still tied up in the negotiations over the Build Back Better bill, so do not hold your breath waiting on the vote.

As I noted yesterday, we may see the Senate take up HR 4350, the FY 2022 NDAA, this week. The amendment process for that bill may see additional cybersecurity language added.

Bills Introduced – 9-30-21 – Senate

 Yesterday, with both the House and Senate in session (more about that see below), there were 28 bills introduced in the Senate. One of those bills may receive additional coverage in this blog:

S 2905 A bill to improve requirements relating to establishment of a consortium of universities to advise the Secretary of Defense on cybersecurity matters, and for other purposes. Sen. Rounds, Mike [R-SD] 

I will be watching this bill for language and definitions that would include industrial control systems within the coverage of this bill.

The House – The Congress.gov website has not published the listing of bills introduced in the House yesterday, because, by one of those neat political games that congressional leadership is allowed to play, the House is still in session on September 30^th. They have been in ‘recess’ since about 4:00 pm yesterday while the Democratic leadership tries to figure out how to get out of the box into which they backed themselves back in August, taking a vote on HR 3684 as amended by the Senate.

Speaker Pelosi promised the moderates in that mid-summer-recess session that they would get a chance to vote on that infrastructure bill on September 27^th. Meanwhile the progressive wing of the Democratic Party vowed to vote against HR 3684’s passage unless there was a ‘simultaneous’ vote on the more expensive Build Back Better bill (HR 5376). Well, since that bill is still not in a form that is capable of passing in the Senate (a whole nother separate political challenge) Pelosi cannot bring that bill to the floor because the moderates will not back it if they do not receive the political cover of final passage of the bill.

So, the September 30^th session of the House remains ‘in session’ while Pelosi brokers some sort of deal to move forward, or just finally gives up and admits that congressional politics can just be stupid at times.

BTW: Since HR 3684 was, in part at least, the FY 2022 surface transportation authorization bill, federal transportation programs were no longer authorized as of 00:01 this morning. Money will still flow to those programs because the House did approve the Senate version of HR 5305, the FY 2022 continuing resolution that keeps federal programs funded through December 3^rd. But authority to regulate (and operate in some cases) transportation functions has technically stopped. What that means in actual practice remains to be seen.

Committee Hearings – Week of 9-27-21

This week with both the House and Senate in session, and the end of the fiscal year at week’s end, there is a full slate of hearings on both sides of the Capitol. Of interest here are oversight hearings for TSA, the CSB and DHS. Lots of important action on the floor of both the House and Senate. It will be a busy week.

Oversight Hearings

On Wednesday, the House Homeland Security Committee will hold a hearing on “20 Years After 9/11: The State of the Transportation Security Administration”. The witness list will include David Pekoske, the current TSA Administrator and three former Administrators. While this should be a wide ranging discussion, it will probably focus on air travel security as that has been the agency’s focus over its life, but pipeline security questions will be raised.

On Wednesday, the Oversight and Investigations Subcommittee of the House Energy and Commerce Committee will hold a hearing on “Protecting Communities from Industrial Accidents: Revitalizing the Chemical Safety Board”. No witness list is currently available.

On Thursday, the Oversight, Management, and Accountability Subcommittee of the House Homeland Security Committee will hold a hearing on “20 Years After 9/11: Transforming DHS to Meet the Homeland Security Mission”. The witness list includes:

• Chris Currie, Government Accountability Office,

• Randolph “Tex” Alles, DHS,

• Angela Bailey, DHS

Looking at the witness list, I suspect that this hearing will concentrate on personnel issues. Cybersecurity workforce issues could be addressed.

On the Floor in the Senate

A cloture vote on HR 5305, the Extending Government Funding and Delivering Emergency Assistance Act (FY 2022 Spending continuing resolution plus debt limit extension), is scheduled for early this evening. If this gets the necessary 60 votes to continue debate (not likely) then the Senate will approve the bill later this week. If it fails, the ball would be tossed back to the House for a clean continuing resolution. Plenty of time before the continued government funding is required by Midnight Thursday.

On the Floor of the House

Last month, Speaker Pelosi promised the moderate Democrats a vote on the Senate version of HR 3684, the bipartisan infrastructure bill, today. Instead, it looks like all they are going to get today is a one-hour debate on the bill. The vote is apparently being slipped to Thursday to perhaps give the progressive wing of the Party a chance to vote on their expensive Build Back Better Act. HR 3684 needs to pass before Thursday Midnight as the authorization for most transportation programs expires at that time. This would not be as drastic as a government shutdown, critical programs would continue to operate (if a spending measure is in place), but regulatory enforcement efforts would face legal hurdles.

The final version of the Build Back Better Act is still not completed. The bill was marked up by the House Budget Committee on Saturday, but final changes will take place in the House Rules Committee. No hearing for that consideration is currently scheduled according to the Rules Committee website. Which indicates that horse trading is still going on behind closed doors. This bill is likely to come to the floor with limited debate and no amendments. The progressive Democrats want a floor vote on this bill before HR 3684 is considered.

According to Majority Leader Hoyer’s (D,MD) Weekly Leader site the House should take up two cyber security related bills (along with 10 other bills) under the suspension of the rules process. As I wrote last week, these were also potentially on the schedule last week, but were never taken up. The two bills are:

• HR 4611 – DHS Software Supply Chain Risk Management Act of 2021, and

• S 1917 – K-12 Cybersecurity Act of 2021

Review - HR 4910 Introduced – State Cyber Resiliency

Last month Rep Kilmer (D,WA) introduced HR 4910, the State Cyber Resiliency Act. The bill would establish the State Cyber Resiliency Grant Program administered by FEMA to assist State, local, and tribal governments in preventing, preparing for, protecting against, and responding to cyber threats. The bill would authorize “such sums as are necessary” for the grant program.

Kilmer is not a member of the House Homeland Security Committee or the House Transportation and Infrastructure Committee to which this bill was assigned for consideration, but his single cosponsor {Rep McCaul (R,TX) is a member of the Homeland Security Committee. This means that there may be enough influence to see this bill considered in Committee. I suspect that there would be at least some bipartisan support for this bill, but only if the State and local grant program in Division G, Title VI, Subtitle B of  HR 3684  (see commentary in my post here). This bill will almost certainly die without action if the provision in HR 3684 makes it to the President’s desk.

For more details about the grant program described in this bill, including the must have criteria for cyber resiliency plans, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-4910-introduced - subscription required.

Review - S 2585 Introduced - State and Local Cybersecurity Improvement

Last month, Sen Hassan (D,NH) introduced S 2585, the State and Local Cybersecurity Improvement Act. The bill is similar to HR 3138 that was passed in the House in July in that it would require State and local government entities to formulate a cybersecurity plan to support their funding requests through a grant program established by the bill. It does not include any of the other provisions in the House bill amending the Homeland Security Act of 2002. Monies are appropriated to support the grant program at lower rates than in the House bill.

Hassan is the chair of the Emerging Threats and Spending Oversight Subcommittee of the Senate Homeland Security and Governmental Affairs Committee, the Committee to which this bill was assigned for consideration. That would be sufficient influence to see this bill considered in Committee. If considered, the bill would probably receive bipartisan support.

The Senate included a version of this bill (Division G, Title VI, Subtitle B) in the Infrastructure Investment and Jobs Act (HR 3684) passed last month. The House is scheduled to take up that bill on or before September 27^th. If the House passes that bill, further action on S 2585 will obviously be unnecessary. If it fails in the House, I suspect that the Committee would take up and pass this bill. The Senate could then take up HR 3138 either as is or substitute the language from this bill (the usual procedure).

For more details about the differences between this bill and HR 3138, including the differences in the authorized funding for the grant program, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/s-2585-introduced - subscription required.

S 2377 Introduced - Energy Infrastructure Act

Back in July Sen Manchin (D,WV) introduced S 2377, the Energy Infrastructure Act. This bill is an authorization bill for many DOE programs. It also incorporates six separate cybersecurity related bills previously proposed in the Senate and includes seven cybersecurity mentions in passing.

This bill was later added as Division D of the Senate substitute language for HR 3684 that was passed in the Senate last month. The House is scheduled to take up HR 3684 on or before September 27^th.

Committee Hearing – Week of 8-22-21

With the House coming back to Washington for a brief 2-day session in the middle of their Summer Recess, there is only one committee hearing being held. Today the House Rules Committee will meet to formulate the rule for the consideration of three measures:

• S ConRes 14 - Setting forth the congressional budget for the United States Government for fiscal year 2022 and setting forth the appropriate budgetary levels for fiscal years 2023 through 2031.

• HR 4 - John R. Lewis Voting Rights Advancement Act of 2021

• Senate Amendment to HR 3684 - Infrastructure Investment and Jobs Act

HR 3684 is the bill of interest here as it contains a number of cybersecurity provisions including the text of at least six separate cybersecurity bills. S ConRes 14 will set up the crafting of an even larger infrastructure spending bill that could be passed in the Senate by a simple majority vote. HR 4 is a slightly more moderate voting rights bill that might be able to get 10 Republican votes in the Senate.

The vote on the Rule developed this morning will take place this evening in the whole House. It is expected to pass on a partly-line vote. A vote on HR 4 will almost certainly take place tomorrow; it is likely to pass on a party-line vote. What happens on HR 3684 and S Con Res is less certain.

As of late Saturday, Speaker Pelosi (D,CA) was promising a vote on that and the to be developed large infrastructure spending bill based on S ConRes 14 sometime before October 1^st. Moderate Democrats are demanding a vote on HR 3684 immediately (Tuesday) while Progressive Democrats are demanding that that vote be held hostage to a vote on the new infrastructure spending bill. Pelosi can only afford to lose 3 Democrat votes on S Con Res 14 and still get it passed. Without that bill passing, Democrats have no chance of getting their larger infrastructure bill to the President’s desk.

You cannot bet against Pelosi being able to pull a legislative rabbit out of the partisan hat, but it will have to be neat trick.

HR 3684 Debate in Senate – 8-8-21

Yesterday the Senate continued their debate of HR 3684, the Invest in America Act. One amendment to the substitute language, see below, was adopted The Senate voted (69 to 28) to accept the substitute language. Among the other changes made by that amendment, the name of the bill was changed to the “Infrastructure Investment and Jobs Act”. The Senate also voted (68 to 29) to close debate on the bill setting up a probable final vote on the bill on Tuesday. Debate resumes on the bill this morning.

Minor Amendment Adopted

The Senate adopted by a voice vote (pg S 6057) the Caputo Amendment {SA 2131 (pg S 5247)}. That amendment deletes the definition of the term ‘underserved community’ in §1459G(b)(1)(C) that was added to the Safe Drinking Water Act by §50112. The removal of that definition would effectively increase the number of drinking water systems that would be eligible for the new ‘advanced technology’ grant program authorized in §50112. That grant program specifically includes cybersecurity technology as a targeted ‘advanced technology’.

HR 3684 Debate in Senate – 8-7-21

Yesterday the Senate continued their debate of HR 3684, the Invest in America Act. There were 23 new amendments proposed; one of those amendments is of specific interest here. There will be no more amendments proposed for this bill. There were no votes on amendments. The Senate voted (67 to 27) to close debate on the substitute language. Debate on the substitute language continues today.

Cybersecurity Amendment

The following cybersecurity amendment was submitted yesterday:

SA 2638 – Sen King (I,NH) At the end of title VI of division G, add the following: Subtitle C—National Cyber Resilience Assistance Fund.  (Pg S 6016)

 

This amendment is probably similar to S 2491 that was recently introduced by King.

HR 3684 Debate in Senate – 8-3-21 – INVEST in America Act

Yesterday the Senate continued their debate of HR 3684, the Invest in America Act. There were 53 new amendments proposed; one of those amendments is of specific interest here. There were no votes on amendments. The Debate continues tomorrow.

Moving Forward

A cloture motion was filed for the debate on the substitute language and a vote is scheduled for Saturday. Another cloture motion was filed for the debate on HR 3684. The vote on that motion will occur after the substitute language final vote is taken. A deadline for filing of amendments was set for Saturday. A final vote on the bill will probably not happen until next week.

Cybersecurity Amendment

The following cybersecurity amendment was submitted yesterday:

SA 2578 - Sen Whitehouse (D,RI) - SEC. XXX. Preventing international cybercrime. (Pg S 5969).

This amendment is very similar to S 2139 that Whitehouse introduced in June.

HR 3684 Debate in Senate – 8-3-21

Yesterday the Senate continued their debate of HR 3684, the Invest in America Act. There were 95 new amendments proposed; none of those amendments were of specific interest here. There were votes on 14 amendments; seven were adopted and seven rejected. One of the amendments adopted (SA 2464) was related to cybersecurity. The Debate continues today.

SA 2464 Cybersecurity Changes

This amendment (pg S 5786) would make the same minor change to seven different places in the substitute language; §40121(b)(1),  §40121(c), §40122(b), §40122(c), §40124(b), §40125(b)(1), and §40125(d)(1). The change is to replace the word ‘consultation’ with the word ‘coordination’.

HR 3684 Debate in Senate – 8-3-21

Yesterday the Senate continued their debate of HR 3684, the Invest in America Act. There were 175 new amendments proposed. There were votes on five amendments; three were adopted and two rejected. None of those amendments were of specific interest here. The Debate continues today.

New Amendments

Yesterday the Senate continued their debate of HR 3684, the Invest in America Act. There were 175 new amendments proposed. There were votes on five amendments; three were adopted and two rejected. None of those amendments were of specific interest here. The Debate continues today.

New Amendments

Four of the 175 amendments introduced yesterday may be of interest here. They were:

SA 2302 Sen Risch (R,ID) - SEC. 412XX. Energy emergency and energy security functions assigned to assistant secretaries of energy. (Pg S 5726)

SA 2386 Sen Risch - SEC. 90XXX. Cybersecurity cooperative marketplace program. (pg S 5756)

SA 2407 Sen Blackburn (R,TN) – Division G, Title VI, Subtitle C—Cybersecurity and Blockchain

Technology. (Pg S 5766)

SA 2461 Sen Marshall (R,KS) - SEC. 40128. Fraud and related activity in connection with critical infrastructure. (Pg S 5785)

HR 3684 Debate in Senate – 8-2-21

The Senate continued their debate of HR 3684, the INVEST in America Act. There were 163 new amendments proposed. There were votes on three amendments; two were adopted and one rejected. None of those amendments were of specific interest here. The Debate continues today.

New Amendments

Two of the 163 amendments introduced yesterday may be of interest here. They were:

SA 2209 (pg S 5614) introduced by Sen Cornyn (R,TX). It would add a new subtitle to Division G, Title IV, the National Cybersecurity Preparedness Consortium Act. This is very similar to S 658 that was introduced in April and reported favorably by the Senate Homeland Security and Governmental Affairs in June.

SA 2269 (pg S5671) introduced by Sen Lee (R,UT). It would add a new division, Drone Integration and Zoning. This is very similar to S 600 that was introduced in April. No action has been taken on that bill.

Review - Senate Substitute Language for HR 3684 – Invest in America Act

Last night the Senate leadership finally came to an agreement on the substitute language that will be considered in the Senate for HR 3684. This was offered as amendment SA 2137 (pg S 5255) with an easier to read Committee Print available. The consideration process on the floor starts in earnest today and we will be seeing a number of amendments offered and considered.

As was expected, there are many cybersecurity provisions included in this bill. They include the incorporation of five bills that have been introduced in the House or Senate. The bill also includes five sections that provide detailed cyber security requirements and 27 instances of cybersecurity mentions in passing.

The amendment process for this bill was actually started on Friday with four amendments submitted, none of which are of interest here. There were no amendments proposed on Saturday, but there seven other amendments submitted yesterday. There will certainly be other amendments submitted in the coming days. The Democrats hope to finish the consideration of this bill by Friday so that the Senate can proceed with their scheduled Summer Recess, but there are reports that Sen Schumer is prepared to hold the Senate in session until the bill is passed.

For more details on the cybersecurity provisions in the substitute language, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/senate-substitute-language-for-hr - subscription required.

Senate Begins Debate on HR 3684 – Invest in America Act

Yesterday the Senate voted to close debate on the motion to proceed to the debate on HR 3684, the INVEST in America Act. The Senate is using that bill as the vehicle for consideration of the bipartisan infrastructure bill upon which an agreement was reached yesterday. There were no amendments filed yesterday, so the final details of the (actually writing the lengthy bill) of the legislation has not yet been completed. It looks like that amendment will be submitted today, probably with a long list of amendments to that language.

All of the cybersecurity language that the House added to HR 3684 is now in legislative limbo. I expect that we will see some cyber security language (including whole bills that would not otherwise make it to the floor of the Senate even though they would have bipartisan support), included in the amendments and maybe even the substitute language. The final chance for the return of the cyber language will come in the almost inevitable conference committee report to work out the differences between the House and Senate language. Most of the House cyber language was not attached to spending, so putting it back in the final bill would not change the price tag.

The Senate is scheduled to be in session next week before the they leave Washington for their Summer Recess (House starts next week). There is a chance that Sen Schumer will hold the Senate until the debate on HR 3684 is completed, but that would engender some opposition from the Republicans who will want lots of chances to offer their amendments to the bill. I would not be surprised to see the final vote come after the Senate returns in September.

Senate Takes up HR 3684 – INVEST in America Act

Yesterday the Senate began the process for the consideration of HR 3684, the INVEST in America Act. The Senate will be using this as the vehicle for their still-being-crafted bipartisan infrastructure bill. A cloture motion for the debate on the motion to proceed to consideration of the bill was filed with a cloture vote scheduled for some time Wednesday after the Senate deals with the nomination Bonnie D. Jenkins, of New York, to be Under Secretary of State for Arms Control and International Security. That is, of course assuming that compromise can be worked out on the substitute language that will be considered for HR 3684.

The House language for the bill will not be considered in the Senate, Republican opposition to the bill would ensure that. The bill passed in the House on a party-line vote. If a Republican supported (at least 10 votes worth of support) compromise cannot be worked out, HR 3684 will die in the Senate.

It is unlikely that all (or perhaps any) of the cybersecurity provisions that were worked into HR 3684 would make it into the substitute language. They could come back in the conference language that would have to be worked out before the bill is sent to President Biden.

Review - HR 3691 Introduced - Wastewater Infrastructure Modernization Act

Last month, Rep Bourdeaux (D,GA) introduced HR 3691, the Wastewater Infrastructure Modernization Act. The bill would establish a smart wastewater infrastructure technology grant program. It amends the Federal Water Pollution Control Act by adding a new §222 (note: that will probably be 33 USC §1302). The bill authorizes $500 million for the grant program.

Very similar language to that found in this bill was included in the version of HR 3684, the INVEST in America Act, that passed in the House. It was included as §12011 in Division H (pg 1661). That Division was added to the bill by the House Rules Committee. That means that there will be no committee action taken on this bill until the final status of HR 3684 is resolved. If the language remains in a version of the bill that makes it to the President’s desk, this bill will die a silent death. If that does not happen this bill may resume the legislative process.

For a more detailed review of the provisions of the bill and ways to clarify the coverage of cybersecurity measures, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-3691-introduced - subscription required.