SPONSORED:

Lawmakers roll out bill to protect critical infrastructure after Florida water hack

Lawmakers roll out bill to protect critical infrastructure after Florida water hack
© Greg Nash

A group of bipartisan House lawmakers on Thursday introduced legislation intended to protect critical infrastructure from cyberattacks after an unsuccessful hack of a Florida water treatment facility.  

The Department of Homeland Security (DHS) Industrial Control Systems Enhancement Act, spearheaded by House Homeland Security Committee ranking member John KatkoJohn Michael KatkoHouse lawmakers roll out legislation to protect schools against hackers Colonial Pipeline may use recovered ransomware attack funds to boost cybersecurity In shot at Manchin, Pelosi calls for Senate to strengthen voting rights MORE (R-N.Y.), would give more authority to the Cybersecurity and Infrastructure Security Agency (CISA) to protect critical systems against attacks.

The CISA director would be required to maintain the ability to detect and respond to attacks on industrial control systems, and also be able to provide assistance to critical infrastructure groups. 

ADVERTISEMENT

The director would also be required to collect and distribute information on vulnerabilities in systems to owners and operators.  

Lawmakers rolled the bill out a month after officials in Oldsmar, Fla., announced that a hacker had unsuccessfully attempted to tamper with systems at the town’s water treatment facility to poison the water.

The legislation is also being introduced as CISA continues to grapple with two major cyber espionage incidents likely involving Russian and Chinese hackers that have potentially compromised thousands of U.S. government and private sector troops.  

The bill’s co-sponsors include a range of key House cybersecurity leaders, including House Homeland Security Committee Chairman Bennie ThompsonBennie Gordon ThompsonLobbying world Hillicon Valley: Biden gives TikTok and WeChat a reprieve | Colonial Pipeline CEO addresses Congress again | Thomson Reuters shareholders want review of ICE ties Colonial Pipeline may use recovered ransomware attack funds to boost cybersecurity MORE (D-Miss.), cybersecurity subcommittee Chairwoman Yvette ClarkeYvette Diane ClarkeTSA working on additional pipeline security regulations following Colonial Pipeline hack School districts struggle to defend against rising ransomware attacks Hillicon Valley: Democrats urge Facebook to abandon 'Instagram for kids' plan | 'Homework gap' likely to persist after pandemic MORE (D-N.Y.), cybersecurity subcommittee ranking member Andrew Garbarino (R-N.Y.), and Rep. Jim LangevinJames (Jim) R. LangevinHillicon Valley: Senate unanimously confirms Chris Inglis as first White House cyber czar | Scrutiny mounts on Microsoft's surveillance technology | Senators unveil bill to crack down on cyber criminals Senate confirms Chris Inglis as first White House cyber czar House lawmakers roll out legislation to protect schools against hackers MORE (D-R.I.), chair of the House Armed Services Committee’s cybersecurity subcommittee. 

Other co-sponsors are Reps. Don Bacon (R-Neb.), Kat Cammack (R-Fla.), Carlos Gimenez (R-Fla.), and John RutherfordJohn Henry RutherfordService dogs are saving veteran lives, despite limited access through VA Lawmakers roll out bill to protect critical infrastructure after Florida water hack Marjorie Taylor Greene's delay tactics frustrate GOP MORE (R-Fla).

ADVERTISEMENT

Katko on Thursday emphasized the need to strengthen CISA in the face of evolving threats and as it works to respond to several recent major cyberattacks.

“As I have said consistently, we need to continue to build centralized cybersecurity capacity with CISA where possible for the entire critical infrastructure community to voluntarily benefit from,” Katko said in a statement. “This important piece of legislation will solidify CISA’s lead role in protecting our nation’s critical infrastructure from cyber threats, particularly to our industrial control systems.” 

The House Homeland Security Committee and the House Oversight and Reform Committee are in the midst of an investigation into what has become known as the SolarWinds hack.  

The incident, discovered in December, involved sophisticated Russian hackers successfully compromising at least nine federal agencies and 100 private sector companies for around a year through exploiting software from IT group SolarWinds, among other methods. 

Top CISA officials discussed both the SolarWinds hack and recently uncovered vulnerabilities in Microsoft Exchange Servers exploited by Chinese hackers during a House subcommittee hearing earlier this week.  

Acting CISA Director Brandon Wales testified that $650 million approved by the House on Wednesday for CISA as part of the COVID-19 relief package would not be enough to fully confront current and future threats. 

“$650 million ... is a down payment. It accelerates some of these efforts, but this is going to require sustained investment,” Wales testified to the House Appropriations Homeland Security Subcommittee.