Senators campaign for clause to assess infrastructure cyber defenses

Senators campaign for clause to assess infrastructure cyber defenses
© Greg Nash

A bipartisan group of senators wants to ensure that the major cybersecurity legislation headed for President Obama’s desk includes a provision they believe would help defend the nation’s critical infrastructure against a cyberattack.

The clause would require the Department of Homeland Security (DHS) to assess the cybersecurity readiness at roughly 65 companies behind the nation’s infrastructure, and develop a plan for preventing a “catastrophic” cyberattack.


Eight senators wrote the House and Senate co-sponsors of the companion cyber bills, encouraging them to include the line in the final bill, which will be hammered out in conference in the coming months.

The cyber measures are intended to voluntarily encourage the private sector to share more information on hacking threats with the government. The House passed its two complementary measures in April, and the Senate followed by approving its companion bill in October.

As the two chambers come together to conference the bill, many are pushing to try and get their preferred portions included in the final text.

In Monday’s letter, eight senators insisted the DHS clause, written by Sen. Susan CollinsSusan Margaret CollinsSusan Collins challenger hit with ethics complaints over reimbursements Overnight Health Care: Insurance lobby chief calls Biden, Sanders health plans 'similarly bad' | Trump officials appeal drug price disclosure ruling | Study finds 1 in 7 people ration diabetes medicine due to cost Collins downplays 2020 threat: 'Confident' reelection would go well if she runs MORE (R-Maine), was critical to creating a strong cybersecurity bill.

“Ample evidence, both classified and unclassified, testifies to the threat facing critical infrastructure and the deficiencies in the cybersecurity capability to defend them,” it reads.

Collins was joined on the letter by her Republican colleague Dan CoatsDaniel (Dan) Ray Coats10 declassified Russia collusion revelations that could rock Washington this fall 11 Essential reads you missed this week Trump crosses new line with Omar, Tlaib, Israel move MORE (D-Ind.). Democratic Sens. Martin HeinrichMartin Trevor HeinrichOvernight Defense: Dems talk Afghanistan, nukes at Detroit debate | Senate panel advances Hyten nomination | Iranian foreign minister hit with sanctions | Senate confirms UN ambassador Senate committee advances nomination of general accused of sexual assault House passes bill requiring CBP to enact safety, hygiene standards MORE (N.M.), Mazie HironoMazie Keiko HironoLawmakers urge DNC to name Asian American debate moderator Democratic senator on possibility of Trump standing up to the NRA: 'That's just such BS' Schumer to Trump: Demand McConnell hold vote on background check bill MORE (Hawaii), Barbara MikulskiBarbara Ann MikulskiLobbying World Only four Dem senators have endorsed 2020 candidates Raskin embraces role as constitutional scholar MORE (Md.), Mark WarnerMark Robert WarnerLawmakers sound alarm on China's disinformation campaign in Hong Kong Facebook users in lawsuit say company failed to warn them of known risks before 2018 breach New intel chief inherits host of challenges MORE (Va.) and Jack ReedJohn (Jack) Francis ReedSenate Democrats push for arms control language in defense policy bill What the gun safety debate says about Washington Senators ask for committee vote on 'red flag' bills after shootings MORE, and Sen. Angus KingAngus Stanley KingBipartisan panel to issue recommendations for defending US against cyberattacks early next year New intel chief inherits host of challenges Senators ask for committee vote on 'red flag' bills after shootings MORE (I-Maine) also signed the memo.

Lawmakers have been searching for ways to bolster the cyber defenses of critical infrastructure companies amid warnings from researchers and U.S. officials that the essential components, such as the power grid, are vulnerable to foreign hackers.

National Security Agency Director Adm. Michael Rogers recently told Congress that, on a scale of 1 to 10, the U.S. was at a “5 or 6” in its preparedness to defend its critical infrastructure against a major cyberattack.

The energy sector, in particular, has generated considerable concern, with lawmakers and researchers cautioning that the industry’s digital defenses are dangerously lagging and underfunded.

“In light of the cyber threat to critical infrastructure,” Collins recently said on the Senate floor, “the bare minimum we ought to do is to ask DHS and the appropriate federal agencies to describe what more could be done to prevent a catastrophic cyber attack on our critical infrastructure.”

Coalitions of industry groups — including those representing the financial, telecommunications and gas sectors — have pushed back against the provision. They believe it would infringe on the voluntary nature of the cyber bills and create “de facto regulatory mandates.” Under the bills, companies are not required to participate in any information exchange with the government.

The senators dismissed these claims in their letter, saying the clause “has been mischaracterized.”

The passage “is not counter to the overall voluntary nature of [the cyber bill], and it does not impose new incident reporting requirements,” the lawmakers insisted.

“Ironically, many of the trade associations who oppose this provision do not represent a single entity that would be covered,” they added.