WASHINGTON, D.C. – U.S. Senators Gary Peters (D-MI) and Rob Portman (R-OH), Chairman and Ranking Member of the Homeland Security and Governmental Affairs Committee, and Marco Rubio (R-FL) and Mark Warner (D-VA), Vice Chair and Chairman of the Senate Select Committee on Intelligence, introduced bipartisan legislation to help safeguard our nation’s critical infrastructure networks against cybersecurity threats. The bill would require the Cybersecurity and Infrastructure Security Agency (CISA) to ensure they can better identify and mitigate threats to Industrial Control Systems – the operational technology involved in operating the function of critical infrastructure networks like pipelines, and water and electric utilities. The bill is the Senate companion to legislation introduced by U.S. Representative John Katko, Ranking Member of the House Homeland Security Committee that has already passed the House unanimously.
“As foreign adversaries and the criminal organizations they harbor continue to target our critical infrastructure systems, it is essential we work to protect these networks from attacks that can lead to significant harm to the American people,” said Senator Peters. “This bipartisan, commonsense bill will help shore up the defenses of critical infrastructure networks and address vulnerabilities in products and technologies that help operate them.”
“Attacks like the one against Colonial Pipeline show the real-world implications that cyberattacks against critical infrastructure can have,” said Senator Portman. “CISA’s role to play in supporting critical infrastructure owners and operators is crucial. I am pleased to join my bipartisan colleagues in introducing this bill to ensure CISA can better defend against threats and increase the cybersecurity of critical infrastructure.”
“As made clear by the recent attacks on Colonial Pipeline and SolarWinds, we need to do more to protect American critical infrastructure and industries from cyber-attacks,” said Senator Rubio. “Bad actors, often based in China or Russia, will stop at nothing to take advantage of any vulnerability in U.S. infrastructure. We need to strengthen our cyber defenses to more quickly detect and prevent these targeted attacks on our most critical industries.”
“The trend over the last decade to interconnect, automate, and in some cases bring online industrial controls has introduced significant cyber vulnerabilities, attack vectors and even potential systemic risk,” said Senator Warner. “The federal government needs to understand these risks and help our critical infrastructure sectors prepare for and defend against these threats, and this bill takes a good step forward in doing that.”
Critical infrastructure companies in the United States have seen a stark rise in cyber-attacks. Earlier this year, hackers breached the network of a major oil pipeline forcing the company to shut down over 5,500 miles of pipeline – leading to increased prices and gas shortage for communities across the East Coast. Prior to that, malicious cyber actors took control of a Florida wastewater treatment plant’s computer system that allowed hackers to temporarily tamper with Americans’ water supply. These attacks, and others, highlighted the urgent need to secure critical infrastructure systems from foreign adversaries and criminal organizations who are relentless in their pursuit to exploit vulnerabilities and infiltrate networks.
The DHS Industrial Control Systems Capabilities Enhancement Act directs CISA to lead federal efforts to better identify and respond to threats against Industrial Control Systems and the critical infrastructure networks they help operate. The legislation also requires CISA to provide technical assistance to public and private sector entities on how they can work to identify and mitigate vulnerabilities in their operational technology systems. The bill would also ensure CISA shares information on cyber threats with users of Industrial Control Systems and provides a briefing to Congress on its ability to protect these critical systems. Finally, the legislation would require the Government Accountability Office to produce a report on its implementation and CISA’s capabilities to fulfill this mandate.