Two senators unveiled bipartisan legislation on Thursday that would give the Department of Homeland Security’s (DHS) cyber agency the ability to subpoena internet service providers to increase transparency about cyber vulnerabilities.
The bill from Sens. Ron JohnsonRonald (Ron) Harold JohnsonWisconsin senators ask outsiders not to exploit parade attack 'for their own political purposes' It's time to bury ZombieCare once and for all Marjorie Taylor Greene introduces bill to award Congressional Gold Medal to Rittenhouse MORE (R-Wis.) and Maggie HassanMargaret (Maggie) HassanBiden signs four bills aimed at helping veterans Constant threats to government funding fail the American public Senators call for Smithsonian Latino, women's museums to be built on National Mall MORE (D-N.H.), gives the DHS Cybersecurity and Infrastructure Security Agency (CISA) the power to issue subpoenas to obtain information about potential cyber vulnerabilities related to critical infrastructure, such as in the electric grid or dams.
CISA would then be able to warn the critical infrastructure companies targeted of the potential dangers found by internet service providers.
The legislation was put together following a request from DHS in July, asking that Congress give CISA subpoena power to force telecommunications companies to provide information on whether critical devices and systems were threatened by cyber attacks.
Johnson, who serves as chairman of the Senate Homeland Security and Governmental Affairs Committee, said in a statement on Thursday that “every day, CISA is made aware of vulnerabilities to these systems – some easily fixable – but is powerless to warn the potential victims.”
“This legislation gives CISA the authority necessary to reach out and warn owners of critical infrastructure that they are open and vulnerable to cyberattacks before they become a victim,” Johnson said. “We ask Americans: if you see something, say something. With this legislation we are empowering CISA to do the same.”
Hassan, who is a member of the Senate Homeland Security Committee and who has made cybersecurity a priority while in office, emphasized in a statement that “an attack on critical infrastructure could have devastating consequences, from shutting down heating and cooling systems of hospitals to manipulating industrial controls of water treatment facilities to blacking out an entire city.”
Hassan noted that “CISA already has a system to identify cybersecurity vulnerabilities in critical infrastructure, and the bipartisan bill we are introducing today helps to ensure that if CISA finds a vulnerability, it has the tools and information it needs to reach out to the entity maintaining the system.”
The new bill would also require CISA to compile an annual report to Congress on the number of vulnerabilities that were successfully dealt with through subpoenas, and the amount of critical infrastructure companies that were warned of threats by CISA.
On the other side of Capitol Hill, key members of the House expressed support for the bill on Thursday.
Asked by The Hill about the new bill, Rep. Bennie ThompsonBennie Gordon ThompsonJan. 6 panel releases contempt report on Trump DOJ official ahead of censure vote Meadows reaches initial cooperation deal with Jan. 6 committee The Hill's Morning Report - Presented by Facebook - The omicron threat and Biden's plan to beat it MORE (D-Miss.), the chairman of the House Homeland Security Committee, said that it “makes a lot of sense.”
Rep. James Langevin (D-R.I.), the former chairman of the House Homeland Security Committee’s cybersecurity subcommittee, told The Hill that “erring on the side of more disclosure is better.”
“I believe that we need incident reporting data, vulnerability disclosures are important for understanding the threats and being able to share that information, so it’s something that likely I would support, but I want to look at the bill more closely,” Langevin added.