S 4678 Introduced - FY 2025 Legislative Spending

Last month, Sen Reed (D,RI) introduced S 4678, the FY 2025 Agriculture, Rural Development, Food and Drug Administration, and Related Agencies bill. The Senate Appropriations Committee published their report on the bill. The bill contains no mention of cybersecurity or chemical safety issues. The Report includes multiple cybersecurity discussions.

Cybersecurity Discussion

On page 7, the “Committee directs Legislative Branch agencies to continue to take proactive steps to fully protect critical Information Technology [IT] infrastructure, including prevention of cyberattacks, assuring secure data storage, and ensuring continuity of government operations for all Branch agencies.”

On page 7, Committee directs Legislative Branch agencies to continue to take proactive steps to fully protect critical Information Technology [IT] infrastructure, including prevention of cyberattacks, assuring secure data storage, and ensuring continuity of government operations for all Branch agencies. The Committee directs Legislative Branch agencies to continue to take proactive steps to fully protect critical Information Technology [IT] infrastructure, including prevention of cyberattacks, assuring secure data storage, and ensuring continuity of government operations for all Branch agencies.

On pages 14 thru 16, under the discussion of the Office of The Sergeant at Arms and Doorkeeper, the report notes that the Committee want to be updated regularly as the SAA develops its strategic plan to modernize and harden the Senate’s cyber defense. Specifically, the SAA is expected to conduct third-party cybersecurity auditing services and resiliency assessments and provide enhanced cybersecurity training for each Senate office.

Moving Forward

The House version of this spending bill, HR 8772 [removed from paywall], was rejected by the House on a ‘bipartisan’ vote of 205 to 213 (ten Republicans voted Nay, three Democrats vote Yeah, so the vote was somewhat bipartisan). Technically, this means that the Senate cannot take up this bill, because all spending bills must originate in the House. That makes consideration of this bill low priority in the Senate.

Commentary

While there are a couple of places where the report discusses a Senate data center providing cloud support for Senate offices (see page 23 under ‘Cyber Tools’ for instance), there is no mention of the operational technology (cooling, power management, security management) that such centers require. While this apparent oversight may be just a matter of being lost in the weeds of spending concerns, I am concerned that it is more probably a failure of understanding about the differences in OT and IT security needs. While this may just be a lack of understanding on the Committee’s part, I am afraid that it may also reflect an oversight by the operations staff.