DHS/CISA may get administrative subpoena authority for subscriber information


The Cybersecurity Vulnerability Identification and Notification Act of 2019 would allow CISA to subpoena subscriber information for enterprise devices or systems [...]

Subpoenas would be issued when the director of CISA identifies internet connected systems with specific vulnerabilities, is unable to identify the entity at risk and "has reason to believe" it relates to critical infrastructure. The Senate bill, which was obtained by FCW, adds a provision not included in the original DHS proposal specifying that the authority cannot not be used for information relating to "personal devices and systems, such as consumer mobile devices, home computers, residential wireless routers, or residential Internet enabled consumer devices."