Last month Rep McCaul (R,TX) introduced HR 1251, the Cyber
Diplomacy Act of 2021. The bill would establish an international cyber policy “to
work internationally to promote an open, interoperable, reliable, unfettered,
and secure Internet governed by the multi-stakeholder model” {§4(a)}.

360 Mobile Vision - 360mobilevision.com North & South Carolina Security products and Systems Installations for Commercial and Residential - $55 Hourly Rate. ACCESS CONTROL, INTRUSION ALARM, ACCESS CONTROLLED GATES, INTERCOMS AND CCTV INSTALL OR REPAIR 360 Mobile Vision - 360mobilevision.com is committed to excellence in every aspect of our business. We uphold a standard of integrity bound by fairness, honesty and personal responsibility. Our distinction is the quality of service we bring to our customers. Accurate knowledge of our trade combined with ability is what makes us true professionals. Above all, we are watchful of our customers interests, and make their concerns the basis of our business.

Definitions

Section 3 of the bill establishes the definitions for three
key terms used in the bill, the most important of which is ‘information and
communications technology’ (ICT). That term is defined as “hardware, software,
and other products or services primarily intended to fulfill or enable the
function of information processing and communication by electronic means,
including transmission and display, including via the Internet” {§3(2)}.

Policy Objectives

In implementing this policy, the bill requires the President
to pursue the following objectives {§4(b)}:

• Clarifying the applicability of
international laws and norms to the use of ICT.

• Reducing and limiting the risk of
escalation and retaliation in cyberspace, damage to critical infrastructure,
and other malicious cyber activity that impairs the use and operation of
critical infrastructure that provides services to the public,

• Cooperating with like-minded
democratic countries that share common values and cyberspace policies with the
United States, including respect for human rights, democracy, and the rule of
law, to advance such values and policies internationally,

• Encouraging the responsible
development of new, innovative technologies and ICT products that strengthen a
secure Internet architecture that is accessible to all,

• Securing and implementing
commitments on responsible country behavior in cyberspace based upon accepted
norms, and

• Advancing, encouraging, and
supporting the development and adoption of internationally recognized technical
standards and best practices.

Among the ‘accepted norms’ that the bill would require the
President to support would be {§4(b)(5)(C)}:

“Countries should not conduct or
knowingly support ICT activity that, contrary to international law,
intentionally damages or otherwise impairs the use and operation of critical
infrastructure providing services to the public, and should take appropriate
measures to protect their critical infrastructure from ICT threats.”

Moving Forward

This bill was considered by the House Foreign Affairs
Committee on February 25th, 2021. It was amended with substitute
language (not currently available) and approved by the Committee (as part of an
en bloc consideration) by voice vote. That would indicate wide bipartisan support
for the bill which should carry over to the floor of the House. It is likely
that the bill would be considered under the suspension of the rules process in
the House.

Commentary

This is primarily an information and communications
technology security bill. The new ICT terminology is an interesting expansion
of the information technology concept to specifically include the necessary communications
aspects that are really key to the efficacy of IT operations and security.

The one objective that seems to address industrial control
system security is the oddly worded:

“Reducing and limiting the risk of escalation and
retaliation in cyberspace, damage to critical infrastructure, and other
malicious cyber activity that impairs the use and operation of critical
infrastructure that provides services to the public,”

Parsing that out, there are two specifically operational technology
related provisions that would attempt to reduce and limit:

• Damage to critical
infrastructure, and

• Other malicious cyber activity
that that impairs the use and operation of critical infrastructure that
provides services to the public.

That, combined with the ‘accepted norm’ described above,
would seem to make it clear that preventing cyber attacks on critical
operational technology will be a key part of the foreign policy of the United
States. How the crafters of this bill expect the President and the State Department
to accomplish this by diplomatic means is unclear.

By admin