This week, with both the House and Senate in session, there
is a fairly normal hearing schedule on both sides of Capitol Hill. The Senate
is concentrating on confirmation hearings, as would be expected. There is one
cybersecurity hearing and two others that may touch on cybersecurity issues.
On Friday there will be a joint hearing of the House
Oversight and Reform Committee and the House Homeland Security Committee on “Weathering
the Storm: The Role of Private Tech in the SolarWinds Breach and Ongoing
Campaign”. It will be a closed hearing and no witness list is currently
available. There is a remote chance that there will be some discussion or at
least questions about the impact of the Breach on industrial control system
security, but we will probably never hear about them.
There will be more hearings on this topic, many of them
public with lots of finger pointing and gnashing of teeth. Do not expect more
than theater at this point.
Possible Cybersecurity Mentions
There are two hearings this week that may include some
discussion about control system cybersecurity, but I will not be holding my
breath. I call them out because of multiple mentions in the media about the
possibility that the COVID relief bill could include some sort of funding for
cybersecurity at water facilities.
This afternoon the House Budget Committee will hold a markup
hearing on the “American Rescue Plan Act of 2021”. The text
of the bill that the Committee will markup does not include any mention of
cybersecurity. This is presumably one of the bills mentioned in last
week’s post on TheCipherBrief that would provide funding for water facility
cybersecurity. There is a $50 million mention (§3033) of funding for water
facilities, but that is targeted to help pay overdue water bills. We might see
something added in the markup, but not likely.
The second hearing will be conducted tomorrow by the Water
Resources and Environment Subcommittee of the House Committee on Transportation
and Infrastructure on “Building Back Better: The Urgent Need for Investment in
America’s Wastewater Infrastructure”. No witness list is currently available. Again,
there is a rather remote possibility that cybersecurity for these facilities
could be mentioned in light of the recent drinking water hack in Florida.