Senate bill would give DHS cyber agency subpoena powers

Senate bill would give DHS cyber agency subpoena powers
© Getty

Two senators unveiled bipartisan legislation on Thursday that would give the Department of Homeland Security’s (DHS) cyber agency the ability to subpoena internet service providers to increase transparency about cyber vulnerabilities.

The bill from Sens. Ron JohnsonRonald (Ron) Harold JohnsonCongress eyes tighter restrictions on next round of small business help Republicans fear backlash over Trump's threatened veto on Confederate names GOP senators debate replacing Columbus Day with Juneteenth as a federal holiday MORE (R-Wis.) and Maggie HassanMargaret (Maggie) HassanSenators press IRS chief on stimulus check pitfalls Hillicon Valley: Livestreaming service Twitch suspends Trump account | Reddit updates hate speech policy, bans subreddits including The_Donald | India bans TikTok Senators move to boost state and local cybersecurity as part of annual defense bill MORE (D-N.H.), gives the DHS Cybersecurity and Infrastructure Security Agency (CISA) the power to issue subpoenas to obtain information about potential cyber vulnerabilities related to critical infrastructure, such as in the electric grid or dams. 

CISA would then be able to warn the critical infrastructure companies targeted of the potential dangers found by internet service providers.

ADVERTISEMENT

The legislation was put together following a request from DHS in July, asking that Congress give CISA subpoena power to force telecommunications companies to provide information on whether critical devices and systems were threatened by cyber attacks. 

Johnson, who serves as chairman of the Senate Homeland Security and Governmental Affairs Committee, said in a statement on Thursday that “every day, CISA is made aware of vulnerabilities to these systems – some easily fixable – but is powerless to warn the potential victims.”

“This legislation gives CISA the authority necessary to reach out and warn owners of critical infrastructure that they are open and vulnerable to cyberattacks before they become a victim,” Johnson said. “We ask Americans: if you see something, say something. With this legislation we are empowering CISA to do the same.”

Hassan, who is a member of the Senate Homeland Security Committee and who has made cybersecurity a priority while in office, emphasized in a statement that “an attack on critical infrastructure could have devastating consequences, from shutting down heating and cooling systems of hospitals to manipulating industrial controls of water treatment facilities to blacking out an entire city.”

Hassan noted that “CISA already has a system to identify cybersecurity vulnerabilities in critical infrastructure, and the bipartisan bill we are introducing today helps to ensure that if CISA finds a vulnerability, it has the tools and information it needs to reach out to the entity maintaining the system.”

ADVERTISEMENT

The new bill would also require CISA to compile an annual report to Congress on the number of vulnerabilities that were successfully dealt with through subpoenas, and the amount of critical infrastructure companies that were warned of threats by CISA. 

On the other side of Capitol Hill, key members of the House expressed support for the bill on Thursday. 

Asked by The Hill about the new bill, Rep. Bennie ThompsonBennie Gordon ThompsonHouse to vote on removing bust of Supreme Court justice who wrote Dred Scott ruling Black Caucus unveils next steps to combat racism Black Caucus rallies behind Meeks for Foreign Affairs gavel MORE (D-Miss.), the chairman of the House Homeland Security Committee, said that it “makes a lot of sense.”

Rep. James Langevin (D-R.I.), the former chairman of the House Homeland Security Committee’s cybersecurity subcommittee, told The Hill that “erring on the side of more disclosure is better.”

“I believe that we need incident reporting data, vulnerability disclosures are important for understanding the threats and being able to share that information, so it’s something that likely I would support, but I want to look at the bill more closely,” Langevin added.