Bills Passed Under Suspension of Rules in House – 09-25-18

Yesterday as part of their consideration of bills under suspension of the rules, the House passed two bill that I have been covering here; HR 6620, the Protecting Critical Infrastructure Against Drones and Emerging Threats Act and HR 6229, the National Institute of Standards and Technology Reauthorization Act of 2018. Both bills passed by voice vote.

As is typical for bills considered under this procedure there was limited debate on each bill (10 minutes on HR 6620 and 17 minutes on HR 6229). Nary a word was said in opposition.

Committee Hearings – Week of 9-23-18

Both the House and Senate are in Washington this week and it is likely to be the last week the House will be in session before the election. A lot of political hearings this week but there are three hearings that may be of interest; HR 6157 conference report, a homeland security markup hearing and cybersecurity in the energy sector.

HR 6157 Conference

On Tuesday the House Rules Committee will hold a hearing on the Conference Report on HR 6157, the FY 2019 DOD and HHS spending minibus. They will formulate the rule for the floor consideration of the bill. This bill will also include new language providing for the continuing resolution (CR) for DHS spending thru December 6^th.

The Senate has already acted favorably on the Conference Report and the other two mini-busses have been sent to the White House. Congress has not come this close to finishing spending bills before the end of the fiscal year in quite some time. This may be the most important achievement of the 115^th Congress.

Homeland Security Markup

On Wednesday the Senate Homeland Security and Governmental Affairs Committee will hold a business meeting that will include the markup of a number of homeland security related bills, including:

• S 3405, Protecting and Securing Chemical Facilities from Terrorist Attacks Act of 2018;

• S 3309, OHS Cyber Incident Response Teams Act of 2018; and  

• S 594, National Cybersecurity Preparedness Consortium Act of 2017;

There will be a total of 43 bills considered during this meeting, but 21 of them are postal facility naming bills. Most of the remaining bills will be approved by unanimous consent. It will be interesting to see how many amendments are offered on S 3405. The bill did not have any cosponsors when offered and has not acquired any since then. This is unusual in a bill of this type where there is a general consensus on the need for extending the covered program (CFATS).

Unfortunately, we are unlikely to see the text of any of the offered amendments. We will see the revised version of the bill (if changes are made) when the committee report is published in the next month or so (if we are lucky).

Energy Cybersecurity

On Thursday, the Energy Subcommittee of the House Energy and Commerce Committee will hold a hearing looking at “DOE Modernization: The Office of Cybersecurity, Energy Security, and Emergency Response (CESER)”. The witness list has not yet been posted, but a press release notes that the Subcommittee will hear from Assistant Secretary Karen Evens who is in charge of the CESER. The discussions here will almost certainly focus on policy level issues, but cybersecurity will certainly be the overarching topic.

On the Floor

With the mid-term election pending the House will be trying to clean up a lot of miscellaneous business this week with grandstanding and political posturing making the most news, but lots of less controversial stuff being taken care of as well. The HR 6157 Conference Report will be the most important, but the House will also be taking up 54 bills under their suspension of the rules procedure; most of these will pass with significant bipartisan support. Bills of interest here include:

• HR 6620 – Protecting Critical Infrastructure Against Drones and Emerging Threats Act; and

• HR 6229 – National Institute of Standards and Technology Reauthorization Act of 2018, as amended;

As always there will be limited debate, no floor amendments and a supermajority will be required to pass. Both of these bills will pass; no political posturing here – okay, bipartisan posturing.

HR 6229 Introduced – NIST Reauthorization

Last month Rep. Comstock (R,VA) introduced HR 6229, the National Institute of Standards and Technology (NIST) Reauthorization Act of 2018. The bill would provide authorization for NIST for both FY 2018 and FY 2019. The bill was adopted by a voice vote in a mark-up hearing by the Committee on Space, Science, and Technology on June 27^th, 2018 with one amendment. The bill contains a number of cybersecurity provisions.

Cybersecurity

Section 4 of the bill addresses the NIST cybersecurity programs. Most of it deals with support for the cybersecurity operations of agencies of the Federal government, but paragraph (c) addresses the cybersecurity research activities of NIST. These include:

• The development of research and engineering capabilities to provide practical solutions, including measurement techniques and engineering toolkits, to solve cybersecurity challenges such as human factors, identity management, network security, privacy, and software;

• Investment in tools to help private and public-sector organizations measure their cybersecurity, manage their risks and ensure workforce preparedness for new cybersecurity challenges; and

• Investment in programs to prepare the United States with strong cybersecurity and encryption technologies to apply to emerging technologies such as artificial intelligence, the internet of things, and quantum computing.

Section 7 of the bill addresses NIST research activity associated with the internet of things (IoT). It specifically addresses cybersecurity in two subparagraphs:

• The development of new tools and methodologies for cybersecurity of the internet of things; and

• The development and publication of new cybersecurity tools, encryption methods, and best practices for internet of things security.

None of the research requirements mentioned above include specific authorization for funding, so NIST will have to fund this research out of existing programs.

Committee Amendment

Rep. Comstock (R,VA) introduced the only amendment to HR 6229 to be considered by the Committee. It increased the authorized FY 2019 spending for NIST from $1.115 to $1.125 trillion dollars. It allocated all of that the funding increase to spending for industrial technology services; increased from $145 million to $155 million. It also removed the sub-allocation amounts in that account for the Manufacturing Extension Partnership and Manufacturing Innovation programs.

Moving Forward

This bill will move forward to the floor of the House. It will probably be considered under the suspension of the rules provisions with limited debate and no floor amendments. It will receive wide bipartisan support.

Commentary

It was disappointing to me to see no specific mention of industrial control system cybersecurity in the NIST research agenda while IoT received equal billing with cybersecurity and quantum information science. This is not implying that ICS cybersecurity research will not be conducted by NIST, just that Congress still does not see ICS cybersecurity as a priority. I expected better from the Science, Technology, and Space Committee.

On a nit-picking side note. There had been one other amendment proposed to this bill, but it was withdrawn by its author, Rep. Tonko (D,NY), presumably in favor of the Comstock amendment. Tonko’s version would have reduced the overall R&D authorization by $10 million to $840 million while increasing the industrial technology services account to the same $150 million set in the Comstock amendment. Tonko, however, would have allocated all of that increase to the Manufacturing Innovation Program.

The administrative problem with both of these amendments is that neither says where the additional $10 million for industrial technology services would come from. Comstock did not increase the R&D authorization and Tonko actually would have reduced it. Thus, both amendments would require NIST to reduce funding for other existing (but not specifically authorized) programs to provide the additional funding required.

Bills Introduced – 06-26-18

Yesterday with both the House and Senate in session there were 36 bills introduced. Of those three may be of specific interest to readers of this blog:

HR 6229 To authorize the programs of the National Institute of Standards and Technology, and for other purposes. Rep. Comstock, Barbara [R-VA-10]

HR 6235 To amend title 18, United States Code, to prohibit the use of unauthorized unmanned aircrafts over wildfires. Rep. Tipton, Scott R. [R-CO-3]

S 3132 A bill to amend title 18, United States Code, to prohibit the use of unauthorized unmanned aircrafts over wildfires. Sen. Gardner, Cory [R-CO]

HR 6229 is the official version of the bill that I discussed on Monday. It is being marked up in the House Science, Space, and Technology Committee today.

The two other bills are almost certainly companion measures written in response to a recent incident where a television news drone caused a grounding of firefighting aircraft during a wildfire in Colorado. There was a temporary flight restriction in place which made the flight illegal in the first place. One media report also noted that 43 CFR 9212.1(f) (interfering with firefighting efforts) could also be stretched to cover this issue. In any case, I will be watching these bills for any language that authorizes interception action in response to the violation.