Review - HR 8625 Reported in Senate – Nonprofit Security Grant Program

Last month, the Senate Homeland Security ang Governmental Affairs Committee published their report on HR 6825, the Nonprofit Security Grant Program Improvement Act of 2022. The Committee considered the bill in business meeting on August 3^rd, 2022, and after amending and adopting substitute language, ordered the bill reported favorably. The revised language modifies the administrative requirement changes made in the House language. The Senate language reduces the House approved funding from $500 million to $360 million per year though 2028.

Moving Forward

With the publication of the Report, this bill is now cleared for consideration by the full Senate. There is a remote possibility that the bill could be considered under the Senate’s unanimous consent process. The bill is not important enough to take up the time necessary for consideration under regular order, particularly in the closing two months of the session. There is a possibility that the bill could be included in the year end spending bill, but that could end up being either the House passed or Senate committee version.

 

For more details about the revisions made in the Senate version of the bill, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-8625-reported-in-senate - subscription required.

Committee Hearings – Week of 7-31-22

 With the House already on Summer Recess, just the Senate will be in Washington this week, eager to be gone. Light committee schedule with one markup hearing of note.

Markup Hearing

On Wednesday, the Senate Homeland Security and Governmental Affairs Committee will hold a business meeting. They will take up 3 DC court nominations, 30 pieces of legislation, and 9 postal naming bills. Bills that I will be watching for include:

S ____, Safeguarding the Homeland from the Threats Posed by Unmanned Aircraft Systems Act of 2022,

HR 6825, Nonprofit Security Grant Program Improvement Act of 2022, and

HR 7077, Empowering the U.S. Fire Administration Act;

It will be interesting to see how far reaching the UAS bill is in allowing actual action against UAS at non-federal facilities. The bill may be introduced today, but I doubt the text will be available for review before Wednesday’s hearing.

HR 6825 Passed in House – Nonprofit Grant Program

Yesterday the House took up HR 6825, the Nonprofit Security Grant Program Improvement Act of 2022. The bill was considered under the suspension of the rules process. After limited debate, with no dissenting voices heard, the bill passed by a vote of 288 to 129. The bill is unlikely to be considered in the Senate.

The bill would amend the current Nonprofit Security Grant Program (6 USC 609a) to specifically includes the risk of “extremist attacks other than terrorist attacks and threats’ in the coverage of the grant program. It also increases the out-year funding from $75 million per year to $500 million per year. The program currently supports cybersecurity measures.

It is not clear why there was so much Republican opposition to the bill since no one spoke out during the debate. I suspect, however, that this was a combination of the increased cost and the addition of the ‘extremist attacks’ language. With Chairman Thompson (D,MS) specifically citing the racially motivated attack this weekend in Buffalo in yesterday’s debate (pg H4984), there may have been some supporters of the ‘replacement theory’ that felt some of their base might be targeted by the new funding.

This bill is unlikely to be considered in the Senate. It is not ‘important’ enough to take up the legislative time required for regular order and the significant Republican opposition would make consideration under the unanimous consent process impossible. The only hope for moving forward would be to include the language in a larger, must pass, or sure to pass, bill.

For more details about the provisions of the bill, see my article on CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-6825-introduced - subscription required.

Committee Hearings – Week of 5-15-22

This week, with both the House and Senate in session, there is a very active hearing schedule on both sides of the Hill. FY 2023 budget hearing continue, including Member Day hearings (where congresscritters not on the Appropriations Committee have a chance to plead for their favorite projects). We also have two cybersecurity markups, a health and education cybersecurity hearing, and an emergency response hearing.

Cybersecurity Markups

On Tuesday, the House Science, Space, and Technology Committee will hold a business meeting to consider four pieces of legislation. It will include:

• HR 7569, the Energy Cybersecurity University Leadership Act of 2022.

On Wednesday, the Senate Small Business Committee, will hold a business meeting to consider five bills. It will include:

• S 1687, the Small Business Cyber Training Act of 2021

NOTE: I have not followed this bill closely because it deals with cybersecurity training for employees of Small Business Development Center, not small businesses.

Cybersecurity Hearings

On Wednesday the Senate Health, Education, Labor and Pensions Committee will hold a hearing on “Cybersecurity in the Health and Education Sectors”. The witness list includes:

• Denise Anderson, Health Information Sharing and Analysis Center,

• Joshua Corman, I Am the Cavalry,

• Amy McLaughlin, Consortium of School Networking, and

• Helen Norris, Chapman University

I do not think that there will be any in depth discussion about medical device cybersecurity issues, but I could be wrong with Corman as a witness.

Emergency Response

On Tuesday, the Emergency Preparedness, Response, and Recovery Subcommittee of the House Homeland Security Committee will hold a hearing on “Creating a More Resilient Nation: Stakeholder Perspectives”. The witness list will include:

• Chris Currie, GAO,

• Orlando Rolón, Chief of Police, City of Orlando, and

• George Dunlap, Mecklenburg County Commission

I do not think that there will be any specific discussion about response planning for chemical incidents.

On the Floor

There are five cybersecurity bills scheduled for consideration in the House this week under the suspension of the rules process. They include:

HR 5658 – DHS Roles and Responsibilities in Cyber Space Act, as amended,

HR 6824 – President’s Cup Cybersecurity Competition Act, as amended,

HR 6825 – Nonprofit Security Grant Program Improvement Act of 2022, as amended,

HR 6868 – Cybersecurity Grants for Schools Act of 2022, as amended, and

S 2520 – State and Local Government Cybersecurity Act of 2021,

Review - HR 6825 Introduced – Nonprofit Grant Program

Last month, Rep Thompson (D,MS) introduced HR 6825, the Nonprofit Security Grant Program Improvement Act of 2022. The bill would amend 6 USC 609a, the Nonprofit Security Grant Program. The amendments include adding new allowed uses of the funds and requires FEMA to establish a program office to administer the grant program. The bill would increase the funding for the program and extends that funding through 2028.

The bill was approved yesterday by a voice vote in the House Homeland Security Committee after substitute language was approved. Among the changes made by the substitute is a provision that specifically includes the risk of “extremist attacks other than terrorist attacks and threats’ in the coverage of the grant program.

Moving Forward

Passage by voice vote in Committee indicates that there is at least some measure of bipartisan support for this bill. There was an attempt by Rep Higgins (R,LA) to express some concerns with this bill, but there was no follow-up at the end of the hearing. I suspect that the legislation will be considered in the Full House under the suspension of the rules process. It will probably pass with bipartisan support.

Commentary

While §609a does currently allow for the use of grant funds for cybersecurity training {§609a(c)(2)} and ‘cybersecurity resilience activities’ {§609a(c)(2)}, that funding only extends to protection against terrorist attacks or threats of such attacks. The substitute language addition of ‘extremist attacks’ allows DHS to include threats from domestic groups without the political baggage of trying to identify domestic terrorist groups. This is almost certainly why there is no definition of the term ‘extremist attacks’.

Still, this does not address the expanding need for protection against non-terrorist (or even extremist) cyberattacks like ransomware attacks. This bill would have been an ideal place to include protection against ransomware attacks as an allowed use of grant funds. With this bill probably going to the Full House under the suspension of the rules process, the chances for amending the bill have essentially passed.

Perhaps it is time to change the definition of ‘terrorism’ to specifically include ransomware attacks.

 

For more details about the provisions of the bill and the substitute language, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-6825-introduced - subscription required.

Committee Hearings – Week of 2-27-22

This week with both the House and Senate returning to Washington, there is a pretty routine number of Committee hearings currently scheduled. They include a hearing on DOE related bills in the Senate and a markup hearing in the House that includes cybersecurity measures.

DOE Hearing

Tomorrow, the Senate Energy and Natural Resources Committee will conduct a hearing on pending legislation. They list seven DOE related bills that about which they will receive testimony. The witness list is currently limited to Geraldine Richmond, DOE. One of the bills touches on responsibilities for cybersecurity incident response at DOE, S 2302.

Cybersecurity Markup

On Wednesday, the House Homeland Security Committee will hold a markup hearing looking at 12 pieces of legislation. There are three bills that may be of interest here, two were introduced last Friday and one will be introduced this week, probably today.

HR 6824, “President’s Cup Cybersecurity Competition Act” [PDF]

HR 6825, "Nonprofit Security Grant Program Improvement Act of 2022" [PDF]

HR____, "Cybersecurity Grants for Schools Act of 2022" [PDF]

I have not yet had a chance to do a detailed review of any of these bills since they have not been published by the GPO. I will be looking at the Committee drafts (links provided above) for the bills before Wednesday.

Bills Introduced – 2-25-22

Yesterday, with the House meeting in pro forma session, there were 40 bills introduced. Two of those bills may receive additional coverage in this blog:

HR 6824 To authorize the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security to hold an annual cybersecurity competition relating to offensive and defensive cybersecurity disciplines, and for other purposes. Rep. Luria, Elaine G. [D-VA-2]

HR 6825 To amend the Homeland Security Act of 2002 to enhance the funding and administration of the Nonprofit Security Grant Program of the Department of Homeland Security, and for other purposes. Rep. Thompson, Bennie G. [D-MS-2] 

I will be watching HR 6825 for language and definitions that would allow cybersecurity spending to be covered under the Nonprofit Security Grant Program.

I will be covering HR 6824.