SPONSORED:

Lawmakers roll out bill to protect critical infrastructure after Florida water hack

Lawmakers roll out bill to protect critical infrastructure after Florida water hack
© Greg Nash

A group of bipartisan House lawmakers on Thursday introduced legislation intended to protect critical infrastructure from cyberattacks after an unsuccessful hack of a Florida water treatment facility.  

The Department of Homeland Security (DHS) Industrial Control Systems Enhancement Act, spearheaded by House Homeland Security Committee ranking member John KatkoJohn Michael KatkoHouse lawmakers roll out bill to invest 0 million in state and local cybersecurity Pentagon removing Chinese tech giant from blacklist after court loss Hillicon Valley: Feds eye more oversight of pipelines after Colonial attack | White House monitoring fuel shortages | Democrats urge Facebook to reverse WhatsApp update | Biden announces deal with Uber, Lyft for free vaccine rides MORE (R-N.Y.), would give more authority to the Cybersecurity and Infrastructure Security Agency (CISA) to protect critical systems against attacks.

The CISA director would be required to maintain the ability to detect and respond to attacks on industrial control systems, and also be able to provide assistance to critical infrastructure groups. 

ADVERTISEMENT

The director would also be required to collect and distribute information on vulnerabilities in systems to owners and operators.  

Lawmakers rolled the bill out a month after officials in Oldsmar, Fla., announced that a hacker had unsuccessfully attempted to tamper with systems at the town’s water treatment facility to poison the water.

The legislation is also being introduced as CISA continues to grapple with two major cyber espionage incidents likely involving Russian and Chinese hackers that have potentially compromised thousands of U.S. government and private sector troops.  

The bill’s co-sponsors include a range of key House cybersecurity leaders, including House Homeland Security Committee Chairman Bennie ThompsonBennie Gordon ThompsonHouse lawmakers roll out bill to invest 0 million in state and local cybersecurity House Democrats eye vote next week to form Jan. 6 commission Biden administration, Congress unite in effort to tackle ransomware attacks MORE (D-Miss.), cybersecurity subcommittee Chairwoman Yvette ClarkeYvette Diane ClarkeHillicon Valley: Global cybersecurity leaders say they feel unprepared for attack | Senate Commerce Committee advances Biden's FTC nominee Lina Khan | Senate panel approves bill that would invest billions in tech House lawmakers roll out bill to invest 0 million in state and local cybersecurity Feds eye more oversight of pipelines after Colonial attack MORE (D-N.Y.), cybersecurity subcommittee ranking member Andrew Garbarino (R-N.Y.), and Rep. Jim LangevinJames (Jim) R. LangevinFeds eye more oversight of pipelines after Colonial attack Lawmakers push for increased cybersecurity funds in annual appropriations Biden takes quick action on cyber in first 100 days MORE (D-R.I.), chair of the House Armed Services Committee’s cybersecurity subcommittee. 

Other co-sponsors are Reps. Don Bacon (R-Neb.), Kat Cammack (R-Fla.), Carlos Gimenez (R-Fla.), and John RutherfordJohn Henry RutherfordService dogs are saving veteran lives, despite limited access through VA Lawmakers roll out bill to protect critical infrastructure after Florida water hack Marjorie Taylor Greene's delay tactics frustrate GOP MORE (R-Fla).

ADVERTISEMENT

Katko on Thursday emphasized the need to strengthen CISA in the face of evolving threats and as it works to respond to several recent major cyberattacks.

“As I have said consistently, we need to continue to build centralized cybersecurity capacity with CISA where possible for the entire critical infrastructure community to voluntarily benefit from,” Katko said in a statement. “This important piece of legislation will solidify CISA’s lead role in protecting our nation’s critical infrastructure from cyber threats, particularly to our industrial control systems.” 

The House Homeland Security Committee and the House Oversight and Reform Committee are in the midst of an investigation into what has become known as the SolarWinds hack.  

The incident, discovered in December, involved sophisticated Russian hackers successfully compromising at least nine federal agencies and 100 private sector companies for around a year through exploiting software from IT group SolarWinds, among other methods. 

Top CISA officials discussed both the SolarWinds hack and recently uncovered vulnerabilities in Microsoft Exchange Servers exploited by Chinese hackers during a House subcommittee hearing earlier this week.  

Acting CISA Director Brandon Wales testified that $650 million approved by the House on Wednesday for CISA as part of the COVID-19 relief package would not be enough to fully confront current and future threats. 

“$650 million ... is a down payment. It accelerates some of these efforts, but this is going to require sustained investment,” Wales testified to the House Appropriations Homeland Security Subcommittee.