Sunday, July 23, 2017

HR 3202 Introduced – Cybersecurity Reporting

Earlier this month Rep. Jackson-Lee (D,TX) introduced HR 3202, the Cyber Vulnerability Disclosure Reporting Act. The bill would require a report to Congress on procedures that DHS has developed with regard to vulnerability disclosures.

Section 2 of the bill requires DHS (within 240 days of passage of the bill) to submit a report to Congress that describes “the policies and procedures developed for coordinating cyber vulnerability disclosures, in accordance with section 227(m) of the Homeland Security Act of 2002 (6 U.S.C. 148(m) [Link Added; Note: it is §148(l) at this link, an amendment changing that para to (m) has not yet been published])” {§2(a)}.

Moving Forward


Jackson-Lee is an influential member of the House Homeland Security Committee, the committee to which the bill was assigned for consideration. It is very likely that she has enough influence to have this bill considered in Committee. There is nothing in the bill that would draw the ire of any organization. Since it just requires a very legitimate report to Congress, it is likely that this bill would have enough bipartisan support to allow it to be considered under the suspension of the rules procedures in the House. If it were to be considered in the Senate, it would likely be considered under their unanimous consent procedure.

Commentary


Since the bill specifies that the main report will be unclassified (with a potential classified annex), I would have liked to have seen the bill include a provision for DHS to post a copy of the unclassified version of the report to the NCCIC web site. That would allow these policies and procedures to become public knowledge, as they should be. Without that sort of provision, we may never see this report; it certainly will not show up on a congressional web site.

