Senators campaign for clause to assess infrastructure cyber defenses

Senators campaign for clause to assess infrastructure cyber defenses
© Greg Nash

A bipartisan group of senators wants to ensure that the major cybersecurity legislation headed for President Obama’s desk includes a provision they believe would help defend the nation’s critical infrastructure against a cyberattack.

The clause would require the Department of Homeland Security (DHS) to assess the cybersecurity readiness at roughly 65 companies behind the nation’s infrastructure, and develop a plan for preventing a “catastrophic” cyberattack.

Eight senators wrote the House and Senate co-sponsors of the companion cyber bills, encouraging them to include the line in the final bill, which will be hammered out in conference in the coming months.

The cyber measures are intended to voluntarily encourage the private sector to share more information on hacking threats with the government. The House passed its two complementary measures in April, and the Senate followed by approving its companion bill in October.

As the two chambers come together to conference the bill, many are pushing to try and get their preferred portions included in the final text.

In Monday’s letter, eight senators insisted the DHS clause, written by Sen. Susan CollinsSusan Margaret CollinsOvernight Health Care: 3.6M signed up for ObamaCare in first month | Ryan pledges 'entitlement reform' next year | Dems push for more money to fight opioids Study: ObamaCare bills backed by Collins would lower premiums Right scrambles GOP budget strategy MORE (R-Maine), was critical to creating a strong cybersecurity bill.

“Ample evidence, both classified and unclassified, testifies to the threat facing critical infrastructure and the deficiencies in the cybersecurity capability to defend them,” it reads.

Collins was joined on the letter by her Republican colleague Dan CoatsDaniel (Dan) Ray CoatsNational counterterrorism chief to retire at the end of year Former intel chief Hayden: Think twice on a Trump job offer Counterintelligence needs reboot for 21st century MORE (D-Ind.). Democratic Sens. Martin HeinrichMartin Trevor HeinrichAvalanche of Democratic senators say Franken should resign Senators introduce bipartisan gun background check bill Dem senator: 'Super close' on bipartisan deal on guns MORE (N.M.), Mazie HironoMazie Keiko HironoDemocrats turn on Al Franken The Hill's 12:30 Report Avalanche of Democratic senators say Franken should resign MORE (Hawaii), Barbara MikulskiBarbara MikulskiClinton: White House slow-walking Russia sanctions Top Lobbyists 2017: Hired Guns Gore wishes Mikulski a happy birthday at 'Inconvenient Sequel' premiere MORE (Md.), Mark WarnerMark Robert WarnerSenate panel moves forward with bill to roll back Dodd-Frank Comey back in the spotlight after Flynn makes a deal Warner: Every week another shoe drops in Russia investigation MORE (Va.) and Jack ReedJohn (Jack) Raymond ReedSenate panel moves forward with bill to roll back Dodd-Frank Army leader on waiver report: 'There's been no change in standards' 15 Dems urge FEC to adopt new rules for online political ads MORE, and Sen. Angus KingAngus Stanley KingTrump rips Dems a day ahead of key White House meeting Trump pushing Maine gov to run for Senate: report Schumer: Franken should resign MORE (I-Maine) also signed the memo.

Lawmakers have been searching for ways to bolster the cyber defenses of critical infrastructure companies amid warnings from researchers and U.S. officials that the essential components, such as the power grid, are vulnerable to foreign hackers.

National Security Agency Director Adm. Michael Rogers recently told Congress that, on a scale of 1 to 10, the U.S. was at a “5 or 6” in its preparedness to defend its critical infrastructure against a major cyberattack.

The energy sector, in particular, has generated considerable concern, with lawmakers and researchers cautioning that the industry’s digital defenses are dangerously lagging and underfunded.

“In light of the cyber threat to critical infrastructure,” Collins recently said on the Senate floor, “the bare minimum we ought to do is to ask DHS and the appropriate federal agencies to describe what more could be done to prevent a catastrophic cyber attack on our critical infrastructure.”

Coalitions of industry groups — including those representing the financial, telecommunications and gas sectors — have pushed back against the provision. They believe it would infringe on the voluntary nature of the cyber bills and create “de facto regulatory mandates.” Under the bills, companies are not required to participate in any information exchange with the government.

The senators dismissed these claims in their letter, saying the clause “has been mischaracterized.”

The passage “is not counter to the overall voluntary nature of [the cyber bill], and it does not impose new incident reporting requirements,” the lawmakers insisted.

“Ironically, many of the trade associations who oppose this provision do not represent a single entity that would be covered,” they added.