Senators campaign for clause to assess infrastructure cyber defenses

Senators campaign for clause to assess infrastructure cyber defenses
© Greg Nash

A bipartisan group of senators wants to ensure that the major cybersecurity legislation headed for President Obama’s desk includes a provision they believe would help defend the nation’s critical infrastructure against a cyberattack.

The clause would require the Department of Homeland Security (DHS) to assess the cybersecurity readiness at roughly 65 companies behind the nation’s infrastructure, and develop a plan for preventing a “catastrophic” cyberattack.

Eight senators wrote the House and Senate co-sponsors of the companion cyber bills, encouraging them to include the line in the final bill, which will be hammered out in conference in the coming months.

The cyber measures are intended to voluntarily encourage the private sector to share more information on hacking threats with the government. The House passed its two complementary measures in April, and the Senate followed by approving its companion bill in October.

As the two chambers come together to conference the bill, many are pushing to try and get their preferred portions included in the final text.

In Monday’s letter, eight senators insisted the DHS clause, written by Sen. Susan CollinsSusan Margaret CollinsCollins: 'Extremely disappointing' ObamaCare fix left out of spending deal Overnight Cybersecurity: Zuckerberg breaks silence on Cambridge Analytica | Senators grill DHS chief on election security | Omnibus to include election cyber funds | Bill would create 'bug bounty' for State GOP lawmakers blast Dems for opposing ObamaCare fix MORE (R-Maine), was critical to creating a strong cybersecurity bill.

“Ample evidence, both classified and unclassified, testifies to the threat facing critical infrastructure and the deficiencies in the cybersecurity capability to defend them,” it reads.

Collins was joined on the letter by her Republican colleague Dan CoatsDaniel (Dan) Ray CoatsGOP senator blocking Trump's Intel nominee NSA nominee sails through second confirmation hearing New attacks spark concerns about Iranian cyber threat MORE (D-Ind.). Democratic Sens. Martin HeinrichMartin Trevor HeinrichSenate Intel releases summary of election security report Revisiting America’s torture legacy Dems release interactive maps to make case against GOP tax law MORE (N.M.), Mazie HironoMazie Keiko HironoZinke defends use of Japanese word: How could saying good morning 'be bad'? Duckworth on Zinke's improper use of Japanese: ‘Racism is not ok’ Zinke criticized for 'juvenile' comment at hearing MORE (Hawaii), Barbara MikulskiBarbara Ann MikulskiDems ponder gender politics of 2020 nominee Robert Mueller's forgotten surveillance crime spree Clinton: White House slow-walking Russia sanctions MORE (Md.), Mark WarnerMark Robert WarnerZuckerberg: Maybe tech should face some regulations Dem senator responds to Zuckerberg: 'You need to come' testify Lawmakers zero in on Zuckerberg MORE (Va.) and Jack ReedJohn (Jack) Francis ReedOvernight Defense: Senate sides with Trump on military role in Yemen | Dem vets push for new war authorization on Iraq anniversary | General says time isn't 'right' for space corps Senate sides with Trump on providing Saudi military support Overnight Defense: Trump unveils new sanctions against Russia | Key Republicans back VA chief amid controversy | Trump gives boost to military 'space force' MORE, and Sen. Angus KingAngus Stanley KingLindsey Graham: Trump firing Mueller would 'probably' be impeachable offense Angus King: McCabe firing seemed 'mean-spirited' With bills on the table, Congress must heed the call to fix our national parks MORE (I-Maine) also signed the memo.

Lawmakers have been searching for ways to bolster the cyber defenses of critical infrastructure companies amid warnings from researchers and U.S. officials that the essential components, such as the power grid, are vulnerable to foreign hackers.

National Security Agency Director Adm. Michael Rogers recently told Congress that, on a scale of 1 to 10, the U.S. was at a “5 or 6” in its preparedness to defend its critical infrastructure against a major cyberattack.

The energy sector, in particular, has generated considerable concern, with lawmakers and researchers cautioning that the industry’s digital defenses are dangerously lagging and underfunded.

“In light of the cyber threat to critical infrastructure,” Collins recently said on the Senate floor, “the bare minimum we ought to do is to ask DHS and the appropriate federal agencies to describe what more could be done to prevent a catastrophic cyber attack on our critical infrastructure.”

Coalitions of industry groups — including those representing the financial, telecommunications and gas sectors — have pushed back against the provision. They believe it would infringe on the voluntary nature of the cyber bills and create “de facto regulatory mandates.” Under the bills, companies are not required to participate in any information exchange with the government.

The senators dismissed these claims in their letter, saying the clause “has been mischaracterized.”

The passage “is not counter to the overall voluntary nature of [the cyber bill], and it does not impose new incident reporting requirements,” the lawmakers insisted.

“Ironically, many of the trade associations who oppose this provision do not represent a single entity that would be covered,” they added.