TSA Announces STSAC Meeting – 11-17-22

The Transportation Security Administration published a meeting notice in Monday’s (available online today) Federal Register (87 FR 64243-64244) for in-person meeting (with virtual participation) of the Surface Transportation Security Advisory Committee (STSAC) on November 17^th, 2022 in Springfield, VA.

The agenda includes committee and subcommittee briefings on FY 2023 activities, including:

Cybersecurity Information Sharing,

Emergency Management and Resiliency,

Insider Threat, and

Security Risk and Intelligence

The public may participate via a WebEx link. Participation (including the presentation of oral or written comments) registration should be done by contacting STSAC@tsa.dhs.gov by November 14, 2022.  

TSA Publishes Request for Applicants for STSAC Membership

Today the TSA published a request for applicants notice in the Federal Register (87 FR 36522-36523) for membership in the Surface Transportation Security Advisory Committee (STSAC). The STSAC's mission is to provide advice, consultation, and recommendations to the TSA Administrator on improving surface transportation security matters, including developing, refining, and implementing policies, programs, initiatives, rulemakings, and security directives pertaining to surface transportation security, while adhering to sensitive security guidelines.

STSAC has 40 voting members representing each mode of surface transportation, such as passenger rail, freight rail, mass transit, pipelines, highways, over-the-road bus, school bus industry, and trucking. Members must represent one of the constituencies specified below to be eligible for appointment:

• Associations representing such modes of surface transportation,

• Labor organizations representing such modes of surface transportation,

• Groups representing the users of such modes of surface transportation, including asset manufacturers, as appropriate,

• Relevant law enforcement, first responders, and security experts, and

• Such other groups as the Administrator considers appropriate.

Applications can be emailed to STSAC@tsa.dhs.gov by July 18^th, 2022. Applications should include:

• Complete professional resume.

• Statement of interest and reasons for application, including the membership category and how you represent a significant portion of that constituency, and

• Home and work addresses, telephone number, and email address.

TSA Announces STSAC Meeting – 11-18-21

Yesterday the TSA published a meeting notice in the Federal Register (86 FR 60269-60270) for a meeting of the Surface Transportation Security Advisory Committee (STSAC). The meeting will be held by telephonic conference on November 18^th, 2021. Advanced registration to participate is required.

The agenda includes briefing by the Committee and Subcommittees on topics including:

• Cybersecurity Information Sharing,

• Emergency Management and Resiliency,

• Insider Threat, and

• Security Risk and Intelligence

Persons wishing to make written or oral presentations to the Committee are required to coordinate in advance with STSAC via email (STSAC@tsa.dhs.gov).

TSA Publishes STSAC Appointment Notice – 7-8-21

Today the Transportation Security Administration published a request for applicants notice in the Federal Register (86 FR 36148) for “Appointment to the Surface Transportation Security Advisory Committee”. According to the notice summary:

“STSAC's mission is to provide advice, consultation, and recommendations to the TSA Administrator on improving surface transportation security matters, including developing, refining, and implementing policies, programs, initiatives, rulemakings, and security directives pertaining to surface transportation security, while adhering to sensitive security guidelines.”

STSAC members represent each mode of surface transportation, including:

• Associations representing such modes of surface transportation,

• Labor organizations representing such modes of surface transportation,

• Groups representing the users of such modes of surface transportation, including asset manufacturers, as appropriate,

• Relevant law enforcement, first responders, and security experts, and

• Such other groups as the Administrator considers appropriate.

The STSAC web site provides more information on what the Committee does. While not specifically mentioned on the site, I suspect that a major topic of conversation at the next meeting (8-19-21) will be pipeline cybersecurity. Interestingly, that topic was not mentioned in the STSAC FY 2021 recommendations document, but ransomware attacks have a way of changing priorities.

According to the notice, TSA is specifically looking for five applicants “with specific expertise in the pipeline mode of surface transportation and cybersecurity across all surface transportation modes.”

Interested applicants may contact Judith Harroun-Lord, STSAC Designated Federal Officer, via email STSAC@tsa.dhs.gov. They need to provide:

• Complete professional resume.

• Statement of interest and reasons for application, including the membership category and how you represent a significant portion of that constituency, and also provide a brief explanation of how you can contribute to one or more TSA strategic initiative, based on your prior experience with TSA, or your review of current TSA strategic documents that can be found at www.tsa.gov/about/strategy.

• Home and work addresses, telephone number, and email address.

House Passes STSAC Authorization and ICS Security Bills

Yesterday the House passed two bills that have been covered in this blog; HR 5081, the Surface Transportation Security and Technology Accountability Act of 2018, and HR 5733, the DHS Industrial Control Systems Capabilities Enhancement Act of 2018. Both bills were considered under the suspension of the rules process and were approved by voice votes.

I do not often mention the ‘floor debate’ about bills considered under the suspension of the rule process because that debate is normally congratulations about the bipartisan effort to develop the bill in committee. While we certainly saw a good measure of this in the debate on ICS cybersecurity bill, we also saw a potentially important mention of the DHS ICS-CERT.

In his brief speech supporting the bill, Rep. Langevin (D,RI) talked at some length about the important work being done by ICS-CERT. He started by explaining his amendment adopted by the House Homeland Security Committee on vulnerability disclosures (pg H5631):

“During the committee consideration, I was also proud to offer an amendment to codify ICS-CERT’s coordinated vulnerability disclosure program [emphasis added] that ensures ICS vulnerabilities can be reported securely, promptly, and responsibly.”

He goes on to note (pg H5632):

“The coordinated vulnerability [disclosure] program does just that by helping critical infrastructure owners and operators who receive notices from ICS-CERT about discovered vulnerabilities and effective patches before malicious actors have a chance to exploit any flaws. Mr. Speaker, this bill would empower ICS-CERT to carry out this mission fully and effectively [emphasis added].”

While I have been critical of the bill’s failure to mention both ICS-CERT and US-CERT as the organizations that carry out the specified work of the National Cybersecurity and Communications Integration Center (NCCIC), the specific mention of the role of ICS-CERT in the congressional debate on this bill will go a long way is preserving the existence of, and defining the role of, that organization.

Committee Hearings – Week of 06-24-18

With both the House and Senate in session this week it looks to be a busy week for Committee work. We are still seeing spending bills being marked-up and we have three cybersecurity related authorization bills. There will also be a Senate mark-up of the TWIC Reader Delay bill in that body.

Spending Bills

Monday – House Rules Committee – HR 6157 DOD;

Tuesday – House Rules Committee – HR 6157 DOD;

Tuesday – House Committee – LHHS;

Tuesday – Senate Sub-Committee – DOD;

Tuesday – Senate Sub-Committee – LHHS;

Thursday – Senate Committee – DOD;

Thursday – Senate Committee – LHHS

The Senate will finish work on HR 5895, the FY 2019 EWR spending bill Monday evening. The House will take up HR 6157, the FY 2019 DOD spending bill, either late Tuesday or on Wednesday.

Cybersecurity Authorization Bills

The three authorization bills with a cybersecurity nexus are for the National Telecommunications and Information Administration (NTIA), the National Institute of Science and Technology (NIST) and the intelligence community.

On Tuesday the Communications and Technology Subcommittee of the House Energy and Commerce Committee will hold a hearing on their draft of an authorization bill for NTIA. The witness list includes:

• Michael D. Gallagher, Entertainment Software Association;

• John Kneuer, JKC Consulting; and

• Joanne S. Hovis, CTC Technology and Energy

The draft bill includes two ‘Sense of Congress’ sections on cybersecurity threats and supply chain vulnerabilities, and on preservation of domain name system and WHOIS service.

On Wednesday the House Science, Space, and Technology Committee will hold a mark-up hearing for three as of yet unintroduced bills. One of those is the draft of the NIST authorization bill. The draft includes a section on general cybersecurity and a separate section on IoT with cybersecurity language included.

On Thursday the House Intelligence Committee will hold the inevitably closed-hearing on their mark-up of the as of yet unpublished FY 2019 Intelligence Authorization Act. The draft is not publicly available and, of course, the good stuff will be in the classified annex to the bill.

TWIC Reader Rule

On Wednesday the Senate Commerce, Science, and Transportation Committee will hold a mark-up hearing on eight bills, including S 3094. The text of that bill has not yet been published by the GAO, but it sounds like it should be a companion bill to HR 5729, the Transportation Worker Identification Credential Accountability Act of 2018. After having reviewed the Coast Guard NPRM on their proposed selective delay of the implementation of the TWIC Reader Rule, it seems unlikely that the two legislative delay attempts and the CG delay are very closely related to the same issues.

On the Floor

In addition to the two spending bills on the floor this week, we will also see the House take up two bills of potential interest to readers of this blog. Later today the House will consider HR 5081, the Surface Transportation Security and Technology Accountability Act of 2018, and HR 5733, the DHS Industrial Control Systems Capabilities Enhancement Act of 2018. Both bills will be taken up under the suspension of the rules provisions. This means limited debate and no floor amendments. It also means that the leadership expects serious bipartisan support for both bills since a super-majority is required for passage.

The House is also scheduled to take up a motion to go to conference on HR 5515, the FY 2019 DOD authorization bill, that passed in the Senate last week.

HR 5081 Introduced – Surface Transportation Advisory Committee

of policies, programs, initiatives, rulemakings, and security directives pertaining to surface transportation security” {new 6 USC 1621(b)(1)}.

STSAC

Section 1621(c) establishes the composition of the Committee. It will be composed of voting and non-voting members. The non-voting members would be appointed by specified government agencies and would be expected to provide advise to the Committee; presumably on how the agencies operate.

The voting members would represent the different modes of surface transportation. Those members would come from {§1621(c)(2)}:

• Associations representing such modes of surface transportation;

• Labor organizations representing such modes of surface transportation;

• Groups representing the users of such modes of surface transportation, including asset manufacturers, as appropriate; and

• Relevant law enforcement, first responders, and security experts.

Moving Forward

Katko is the Chair of the Transportation and Protective Security Subcommittee of the House Homeland Security Committee. His two cosponsors are Rep. Watson-Coleman (D,NJ; Subcommittee Ranking Member) and Rep. McCaul (R,TX; Committee Chair). This is certainly strong, bipartisan support within the Committee.

The bill will be considered on Wednesday in the Committee markup hearing. I see nothing in the bill that would attract any significant opposition. It will receive bipartisan support in Committee and likely on the floor of the House should it make it there.

Commentary

These advisory committees are an effective way to get a wide range of industry input into how to effectively develop regulations. A lesser realized advantage of these groups is that it provides another information conduit for federal agencies to effectively communicate to the regulated communities.