The US House Homeland Security Committee on Wednesday has advanced measures to bolster security of systems that power critical infrastructure such as the electric grid and other essential services in the United States. This bill would further improve and expand efforts undertaken by the Department of Homeland Security to identify, detect and mitigate any threats that could threaten industrial control systems.
The bill aims to introduce changes to the Homeland Security Act of 2002 and direct DHS’s National Cybersecurity and Communications Integration Center to “maintain capabilities to identify and address threats and vulnerabilities to products and technologies intended for use in the automated control of critical infrastructure processes.”
This department would therefore be authorized to offer and provide technical assistance to manufacturers, end users and industry stakeholders to identify and mitigate any vulnerabilities that may impact these critical systems. It would also establish additional safeguards to protect the country’s critical sectors including power and water systems, manufacturing, transportation, energy and more.
Rep. Don Bacon (R-Neb.), who sponsored and presented the legislation, made a reference to the attack on Pearl Harbor saying “the next December 7 won’t be a strictly kinestic attack with missiles and torpedoes, but will be paired with cyberattacks to our private sector functions.”
“We know we are vulnerable now to these cyberattacks on our energy grid,” Bacon added. “The time is now to start building that resiliency in our energy grid.”
The bill comes after security researchers have warned threat actors are increasingly targeting critical infrastructure sectors using a multitude of cyber attack campaigns and increasingly sophisticated weapons and tools. In some cases, hackers managed to breach energy sector networks to access information on industrial industrial control and supervisory control and data acquisition (SCADA) systems.
The bill would "lead, in coordination with relevant sector-specific agencies, Federal Government efforts to identify and mitigate cybersecurity threats to industrial control systems, including supervisory control and data acquisition systems.
Rep. Jim Langevin (D-R.I.) has also added an amendment to the bill that allows the committee to set up a vulnerability coordination program at the DHS to help disclose any previously unknown vulnerabilities in the industrial control system sector that must be disclosed to the industry and mitigated.
The bill also directed the department to brief the congress about the efforts taken to protect industrial control systems twice a year for four years after the enactment of the bill.
“Industrial control systems perform essential functions in managing the operation of electric power generators, medical devices, water treatment facilities, manufacturing processes and so much more,” Bacon said in a statement. “If these critical applications were to be disrupted or damaged, our nation could face catastrophic consequences to our national and economic security, and public health and safety.”