BOLO -House Energy Committee mark ups -June 10th - I’ll highlight the important bills
It’s up to you if you want to know what legislation is currently making its way through the labyrinth of the Legislative Branch. Read if interested
Cyber Security- Biden Administration
On May 12, 2021, President Biden signed Executive Order 14028 - Executive Order on Improving the Nation’s Cybersecurity - to support our nation’s cybersecurity and protect the critical infrastructure and Federal Government networks underlying our nation’s economy and way of life.
E.O. 14028 of May 12, 2021 - Federal Register Vol. 86, No. 93 - none of this should surprise you, because the moment President Biden was sworn in - immediate action needed to be taken regarding the SolarWinds breach. I’m not going to regurgitate my previous archived Twitter Threads
Key Points of Biden’s Cyber Security Executive Order:
Remove Barriers to Threat Information Sharing Between Government and the Private Sector:
The EO ensures that IT Service Providers are able to share information with the government and requires them to share certain breach information.
Modernize and Implement Stronger Cybersecurity Standards in the Federal Government - The EO helps move the Federal Government to secure cloud services and a zero-trust architecture, and mandates deployment of multifactor authentication and encryption within a specific time period.
Improve Software Supply Chain Security - The EO will improve the security of software by establishing baseline security standards for development of software sold to the government, including requiring developers to maintain greater visibility into their software and making security data publicly available. It also creates a pilot program to create an “energy star” type of label so the government – and the public at large – can quickly determine whether software was developed securely.
Establish a Cyber Safety Review Board - The EO establishes a Cyber Safety Review Board, co-chaired by government and private sector leads, with the authority to convene following a significant cyber incident to analyze what happened and make concrete recommendations for improving cybersecurity. This board is modeled after the National Transportation Safety Board, which is used after airplane crashes and other incidents.
Create a Standard Playbook for Responding to Cyber Incidents - The EO creates a standardized playbook and set of definitions for cyber incident response by federal departments and agencies. The playbook will ensure all federal agencies meet a certain threshold and are prepared to take uniform steps to identify and mitigate a threat and serve as a template for the private sector to use in coordinating response efforts.
Improve Detection of Cybersecurity Incidents on Federal Government Networks - The EO improves the ability to detect malicious cyber activity on federal networks by enabling a government-wide endpoint detection and response (EDR) system and improved information sharing within the Federal Government.
Improve Investigative and Remediation Capabilities - The EO creates cybersecurity event log requirements for federal departments and agencies. Poor logging hampers an organization’s ability to detect intrusions, mitigate those in progress, and determine the extent of an incident after the fact. Robust and consistent logging practices will solve much of this problem.
House Energy and Commerce Committee - June 10th
EPA September 2020 “final rule”
H.J. Res. 34, providing for congressional disapproval under chapter 8 of title 5, United States Code, of a rule submitted by the Environmental Protection Agency relating to "Oil and Natural Gas Sector: Emission Standards for New, Reconstructed, and Modified Sources Review"
That Congress disapproves the rule submitted by the Environmental Protection Agency relating to ‘‘Oil and Natural Gas Sector: Emission Standards for New, Reconstructed, and Modified Sources Review’’ (published at 85 Fed. Reg. 57018 (September 14, 2020)), and such rule shall have no force or effect.
It goes without saying former EPA Administrator Wheeler literally copied and pasted the language from the deep pockets of Oil & Gas lobbyists.
H.R. 2928, the "Cyber Sense Act of 2021" -
Secretary of Energy to establish a voluntary Cyber Sense program to test the cybersecurity of products and technologies intended for use in the bulk-power system, and for other purposes. Take a look at what I red-lined. While I agree in principle with requiring the Energy Department to establish a program, that becomes inconsequential when it’s “voluntary.” As it stands, the only law on the books that requires notification of a cyber attack is essentially a coat-rider vis a vis the Securities Exchange Act. I think H.R. 2928 lacks the teeth to effectuate real change and disclosure. But I remain optimistic that Congress is slowly but surely moving in the right direction.
H.R. 2931, the "Enhancing Grid Security through Public-Private Partnerships Act" -To provide for certain programs and developments in the Department of Energy concerning the cybersecurity and vulnerabilities of, and physical threats to, the electric grid, and for other purposes.
Here again you’ll note this is “voluntary” and nothing forces the private sector energy suppliers to disclose a breach -unless they are a public organization and then the SEC requires 10-K -per the SEC statutes - it requires publicly traded companies to:
Form 10-K requires disclosures of risk factors under Item 105, but Form 10-Q also requires disclosure of any material changes since the last Form 10-K
H.R. 3078, the "Pipeline and LNG Facility Cybersecurity Preparedness Act" - To require the Secretary of Energy to carry out a program relating to physical security and cybersecurity for pipelines and liquefied natural gas facilities. “Shall” is declarative and it’s a mandate versus voluntary. Therefore I have minimal criticism (shocker yes I know)
…to establish policies and procedures to coordinate Federal agencies, States, and the energy sector, including through councils or other entities engaged in sharing, analysis, or sector coordinating, to ensure the security, resiliency, and survivability of natural gas pipelines (including natural gas transmission and distribution pipelines), hazardous liquid pipelines, and liquefied natural gas facilities;
H.R. 3119, the "Energy Emergency Leadership Act" - To amend the Department of Energy Organization Act with respect to functions assigned to Assistant Secretaries, and for other purposes.
Subsection (a) of section 203 of the Department of Energy Organization Act (42 U.S.C. 7133(a)) is amended by adding at the end the following new paragraph:
‘‘(A) responsibilities with respect to infrastructure, cybersecurity, emerging threats, supply, and emergency planning, coordination, response, and restoration; and
‘‘(B) upon request of a State, local, or tribal government or energy sector entity, and in consultation with other Federal agencies as appropriate, provision of technical assistance, support, and response capabilities with respect to energy security threats, risks, and incidents.’’.
H.R. 2668, the "Consumer Protection and Recovery Act"
…of all the House Resolutions set to be “marked up” during tomorrow’s session this H Res is the one I’d keep an eye on - the FTC tentacles are far reaching and consequential as in it could directly impact many Americans. Under the recent legal framework - specifically SCOTUS’ recent ruling [1] (see footnote) which unquestionably reined in the FTC’s power as it relates to enforcement action, injunctions, and the Court’s power to order “equitable relief”
Purpose of H.R. 2668
To amend the Federal Trade Commission Act to affirmatively confirm the authority of the Federal Trade Commission to seek permanent injunctions and other equitable relief for violations of any provision of law enforced by the Commission
SEC. 2. FTC AUTHORITY TO SEEK PERMANENT INJUNCTIONS AND OTHER EQUITABLE RELIEF.
(a) PERMANENT INJUNCTIONS AND OTHER EQUITABLE RELIEF.—Section 13 of the Federal Trade Commission Act (15 U.S.C. 53)
This particular section of the H. Res is important - and sure some can critique my spelling errors but that’s just childish and petty because if that’s the best insult you have then you’re more intellectually stunted than I thought. As previously discussed, here. There are numerous spelling and grammatical errors in our Constitution, our Declaration of Independence and hundreds (possibly thousands) of Court Opinions and briefs filed by both plaintiffs and defendants. But does that infer the lack of importance to the substance of the documents? Certainly not.
The reason this subsection is important is it clears up the previously ambiguous language that SCOTUS relied upon.
…at any rate - again it’s up to you on what you want to read or find important. Notwithstanding if someone takes the time to explain in non-legalese of why you should pay attention - maybe you should, or not. Like I said the choice is yours.
You can watch today’s markup via the House Energy & Commerce mark up - provided you’ve registered or via their YouTube channel
My aversion to refrain from amplifying the QANON-for-the-Left insanity is twofold: 1) giving oxygen to insane threads which read like the author is either intoxicated or high on drugs means the facts are harder to break the ever growing echo chamber of misinformation and disinformation, and 2) facts actually matter and if you understand the legislative and judicial branches then you can see how they act independently. Although ultimately they end up intertwining and that usually means the legislative branch needs to codify more “exacting” language, as is the case for H.R. 2668, particularly under the recent SCOTUS legal framework
And if what I’ve explained in this article is too complicated - well allow me to present an “old school” multimedia video of how our Legislative Branch works.
— at any rate having the feature of scheduling an article to publish at XYZ time is a nifty feature. Given how insane my schedule has been, because I spend my days shoving bonbons in my calorie hole —while simultaneously flicking beans… and adulting is entirely overrated. I’ll probably pop up later this afternoon
-Filey
[1] 19-508 AMG Capital Management, LLC v. FTC (04/22/2021) - Supreme Court
Holding: Section 13(b) does not authorize the Commission to seek, or a court to award, equitable monetary relief such as restitution or disgorgement.
JUSTICE BREYER delivered the [unanimous] opinion of the Court:
Section 13(b) of the Federal Trade Commission Act authorizes the Commission to obtain, “in proper cases,” a “permanent injunction” in federal court against “any person, partnership, or corporation” that it believes “is violating, or is about to violate, any provision of law” that the Commission enforces. 87 Stat. 592, 15 U. S. C. §53(b). The question presented is whether this statutory language authorizes the Commission to seek, and a court to award, equitable monetary relief such as restitution or disgorgement.
We conclude that it does not.
1. Had no idea we didn’t already have a standard playbook for CS attacks. Might wanna get that one done 😬
2. Wheeler copy and paste. JFC 🤬
3. Agree on HB 2928 and the following “voluntary” bills. We gotta be all in this together when it comes to cyber security, private sector or not.
Thank you Filey
Question?? I had a temp civilian position with the Govt. The password requirements were ridiculous. If the govt can be hacked, how does someone, illiterate in any form of cyberness, protect themselves? Do you have some quick tips?