Senators campaign for clause to assess infrastructure cyber defenses

Senators campaign for clause to assess infrastructure cyber defenses
© Greg Nash

A bipartisan group of senators wants to ensure that the major cybersecurity legislation headed for President Obama’s desk includes a provision they believe would help defend the nation’s critical infrastructure against a cyberattack.

The clause would require the Department of Homeland Security (DHS) to assess the cybersecurity readiness at roughly 65 companies behind the nation’s infrastructure, and develop a plan for preventing a “catastrophic” cyberattack.


Eight senators wrote the House and Senate co-sponsors of the companion cyber bills, encouraging them to include the line in the final bill, which will be hammered out in conference in the coming months.

The cyber measures are intended to voluntarily encourage the private sector to share more information on hacking threats with the government. The House passed its two complementary measures in April, and the Senate followed by approving its companion bill in October.

As the two chambers come together to conference the bill, many are pushing to try and get their preferred portions included in the final text.

In Monday’s letter, eight senators insisted the DHS clause, written by Sen. Susan CollinsSusan Margaret CollinsLooking to the past to secure America's clean energy future Collins to endorse LePage in Maine governor comeback bid McConnell privately urged GOP senators to oppose debt ceiling hike MORE (R-Maine), was critical to creating a strong cybersecurity bill.

“Ample evidence, both classified and unclassified, testifies to the threat facing critical infrastructure and the deficiencies in the cybersecurity capability to defend them,” it reads.

Collins was joined on the letter by her Republican colleague Dan CoatsDaniel (Dan) Ray CoatsOvernight Hillicon Valley — Scrutiny over Instagram's impact on teens Former national security officials warn antitrust bills could help China in tech race Cyber preparedness could save America's 'unsinkable aircraft carrier' MORE (D-Ind.). Democratic Sens. Martin HeinrichMartin Trevor HeinrichOvernight Equilibrium/Sustainability — Presented by Schneider Electric — Deadly Ida floodwaters grip southeast US David Sirota: Seven Democrats who voted against fracking ban trying to secure future elections Deadly extreme heat has arrived: here's how policymakers can save lives MORE (N.M.), Mazie HironoMazie Keiko Hirono11 senators urge House to pass .5T package before infrastructure bill Dems punch back over GOP holdup of Biden SBA nominee Senate Democrats to Garland: 'It's time to end the federal death penalty' MORE (Hawaii), Barbara MikulskiBarbara Ann MikulskiHarris invites every female senator to dinner next week Will the real Lee Hamiltons and Olympia Snowes please stand up? Bottom line MORE (Md.), Mark WarnerMark Robert WarnerPanic begins to creep into Democratic talks on Biden agenda Democrats surprised, caught off guard by 'framework' deal Schumer announces Senate-House deal on tax 'framework' for .5T package MORE (Va.) and Jack ReedJack ReedTop Republican: General told senators he opposed Afghanistan withdrawal We have a plan that prioritizes Afghanistan's women — we're just not using it This week: Democrats kick off chaotic fall with Biden's agenda at stake MORE, and Sen. Angus KingAngus KingOvernight Energy & Environment — League of Conservation Voters — Climate summit chief says US needs to 'show progress' on environment Manchin, Barrasso announce bill to revegetate forests after devastating fires Rep. Tim Ryan becomes latest COVID-19 breakthrough case in Congress MORE (I-Maine) also signed the memo.

Lawmakers have been searching for ways to bolster the cyber defenses of critical infrastructure companies amid warnings from researchers and U.S. officials that the essential components, such as the power grid, are vulnerable to foreign hackers.

National Security Agency Director Adm. Michael Rogers recently told Congress that, on a scale of 1 to 10, the U.S. was at a “5 or 6” in its preparedness to defend its critical infrastructure against a major cyberattack.

The energy sector, in particular, has generated considerable concern, with lawmakers and researchers cautioning that the industry’s digital defenses are dangerously lagging and underfunded.

“In light of the cyber threat to critical infrastructure,” Collins recently said on the Senate floor, “the bare minimum we ought to do is to ask DHS and the appropriate federal agencies to describe what more could be done to prevent a catastrophic cyber attack on our critical infrastructure.”

Coalitions of industry groups — including those representing the financial, telecommunications and gas sectors — have pushed back against the provision. They believe it would infringe on the voluntary nature of the cyber bills and create “de facto regulatory mandates.” Under the bills, companies are not required to participate in any information exchange with the government.

The senators dismissed these claims in their letter, saying the clause “has been mischaracterized.”

The passage “is not counter to the overall voluntary nature of [the cyber bill], and it does not impose new incident reporting requirements,” the lawmakers insisted.

“Ironically, many of the trade associations who oppose this provision do not represent a single entity that would be covered,” they added.