HR 4510 Introduced

NTIA Reauthorization

Back in July, Rep Latta (R,OH) introduced HR 4510, the National Telecommunications and Information Administration Reauthorization Act of 2023. This bill is the latest version of the annual reauthorization process for the NTIAA. The major cybersecurity provisions within the bill are found in Title IV, Office of Policy Development and Cybersecurity. The bill would authorize $62 million in spending for NTIA for FY 2024 and FY 2025. The House Energy and Commerce Committee has amended HR 4510 and ordered it reported favorably.

Title IV Provisions

There are six sections within this Title:

• §401. Office of Policy Development and Cybersecurity.

• §402. Economic competitiveness of information and communication technology supply chain.

• §403. Digital Economy and Cybersecurity Board of Advisors.

• §404. Cybersecurity literacy.

• §405. Understanding cybersecurity of mobile networks.

• §406. Open RAN outreach.

Section 401 is very similar to the language found in HR 1345 that was passed in the House on July 26^th, 2023. One major difference between the two bills is that HR 4510 makes the head of the new Office of Policy Development and Cybersecurity a career position in the Senior Executive Service instead of a political appointee. This results in a number of wording changes in the proposed new 47 USC 110 reflecting the nuanced political and relational differences between that Associate Administrator and the Under Secretary responsible for NTIA.

The new duties of the renamed, and classified, Associate Administrator, include the following areas with impacts/influences on operational technology and industrial control systems:

• Develop, analyze, and advocate for market-based policies that promote innovation, competition, consumer access, digital inclusion, workforce development, and economic growth in the communications, media, and technology markets,

• Promote increased collaboration between security researchers and providers of communications services and software system developers,

• Advocate for policies that promote the security and resilience to cybersecurity incidents of communications networks while fostering innovation, including policies that promote secure communications network supply chains, and

• Perform such other duties regarding the policy responsibilities of the NTIA with respect to cybersecurity policy matters as the Under Secretary considers appropriate.

Mobile Network Cybersecurity Report

Section 405 requires NTIA to prepare a report for Congress “examining the cybersecurity of mobile service networks and the vulnerability of such networks and mobile devices to cyberattacks and surveillance conducted by adversaries.” The report would include a discussion of:

• The degree to which customers (including consumers, companies, and government agencies) consider cybersecurity as a factor when considering the purchase of mobile service and mobile devices,

• The commercial availability of tools, frameworks, best practices, and other resources for enabling such customers to evaluate cybersecurity risk and price tradeoffs,

• The degree to which providers of mobile service have implemented cybersecurity best practices and risk assessment frameworks,

• The barriers for providers of mobile service to adopt more efficacious encryption and authentication algorithms and techniques,

• The prevalence, usage, and availability of technologies that authenticate legitimate mobile service and mobile communications equipment or services to which mobile phones and other mobile devices are connected, and

• The prevalence, costs, commercial availability, and usage by adversaries in the United States of cell site simulators (often known as international mobile subscriber identity catchers) and other mobile service surveillance and interception technologies.

Committee Markup

On July 27^th, the House Energy and Commerce Committee held a business meeting that included consideration of HR 4510. The Committee considered substitute language offered by Rep Matsui (D,CA). In the new §110 included in §401 of the bill, the only change that was made was in §110(b)(3), adding the parenthetical phase “(or a designee of the Under Secretary)” at the end of the sentence. The substitute language was adopted and ordered recommended favorably by a unanimous recorded vote.

Moving Forward

As soon as the Committee publishes their report, this bill will be cleared for consideration by the full House. That will likely take place under the suspension of the rules process. This allows for limited debate, no floor amendments, and requires a supermajority for passage. The bill would probably pass with strong bipartisan support.