Last week Sen. Moore (R,WV) introduced S 3109, the Department
of Homeland Security Appropriations Act, 2019. This bill does not contain
language for a one-year extension of the Chemical Facility Anti-Terrorism
Standards (CFATS) program, but it does continue to provide funding at FY 2018
levels for that program. There are numerous cybersecurity mentions and one
unmanned aircraft system (UAS) provision that may be of interest to readers of
this blog.
Cybersecurity
The Committee provided funding for the National Computer
Forensics Institute to continue training “to bolstering State and local cyber
capabilities and supports USSS Electronic Crimes Task Forces” (pg 75). Funding
was provided at $25 million; an increase of $6.2 million over FY 2018 and $21
million more than the Trump Administration requested.
Funding for the National Cybersecurity and Communications
Integration Center (NCCIC) was set at $279 million with $186 million of that
going to “Computer Emergency Response Teams”; presumably ICS-CERT and US-CERT.
They also allocated $29.4 million of the NCCIC funds for “for election security
through NCCIC activities, including vulnerability scans and incident detection
and response” (pg 82).
DHS Science and Technology (S&T) received $6.5 million
for ‘cyber physical systems’ research. This includes $1.5 million “to continue
collaborating with the Department of Energy on Cybersecurity of Energy Delivery
Systems, which utilizes critical large scale electric power transmission test
facilities and relies on active cooperation and integration with operational
utility providers” (pg 111).
Counter UAS
The Report allocates $13 million for “supports continued
investments in research, development, testing, and evaluation of
Counter-Unmanned Aerial Systems” (pg 109) but notes that: “Committee is
extremely disappointed that the Department is unable to carry out many such activities
because it does not currently have the necessary legal authorities to do so.”
Moving Forward
The Senate Appropriations Committee adopted the bill by a
vote of 26 to 5 (pg 122). This level of bipartisan support is necessary to bring
the House bill (which is being marked up this week) to the for a vote. This cooperative
work in the Senate on spending bills this year provides the best chance we have
seen in quite some time for actually getting individual spending bills to the
President instead of having to wait for a series of continuing resolutions and
a massive spending bill at the last (or beyond the last) minute.
Commentary
I really expected to see language providing a one-year
extension of the CFATS program in this bill. Either the Committee was sure that
the normal order would prevail and an as-of-yet unwritten authorization bill
will pass before the end of the year (and that possibility does exist), or they
are relying on the fact that this DHS spending bill continuing the funding for
the CFATS program (listed as ‘Infrastructure Security Compliance’ on page 81 of
the report) will be sufficient to carry the program through what ever
legislative delay occurs between January 18th, 2019 and a final bill
being signed by the President.
An argument can be made that funding the program past the ‘expiration
date’ is a defacto continuing authorization. In fact, DHS has not seen
authorization language since it was formed in 2002. The difference, though, is that
the Homeland Security Act did not include an expiration date for DHS.
I have heard a number of legally knowledgeable individuals
say that continued funding is all the program really needs to keep going. I am
not enough of a legal scholar to really comment on that. I do know, however,
that industry is going to look askance at any program directives that come out
of the DHS Infrastructure Security Compliance Division (ISCD) after January 18th
lacking a reauthorization bill, especially if complying with those directives
costs any money. And there would be a natural tendency of corporate lawyers to
argue against any enforcement actions on the basis of ISCD lacking
reauthorization. Such arguments could take years to resolve in the courts.
We could still see a short-term extension of the CFATS
program in the House bill, or one could be added in the floor amendment process
in either house. I would expect, however, for such an amendment to carry the
day that it would have to be authored by the Chair and Ranking Member of the
respective homeland security committee. Such an amendment would signal the end
of the prospects for a CFATS authorization bill in this session.
Posts
