The bipartisan leaders of two Senate committees on Thursday introduced legislation to shore up the cybersecurity of critical infrastructure after months of crippling cyberattacks.
The Department of Homeland Security (DHS) Industrial Control Systems Capabilities Enhancement Act would direct the Cybersecurity and Infrastructure Security Agency (CISA) to lead efforts to understand threats against industrial control systems.
The bill would also require CISA to provide cybersecurity assistance to public and private groups to help defend these critical systems, along with sharing more information on threats to industrial control systems.
The legislation is sponsored by Senate Homeland Security Committee Chairman Gary PetersGary PetersFreedomWorks misfires on postal reform Senators call on Taiwan for aid in automotive chip shortage Lawmakers raise concerns over federal division of cybersecurity responsibilities MORE (D-Mich.) and ranking member Rob PortmanRobert (Rob) Jones PortmanEmboldened Trump takes aim at GOP foes Overnight On The Money — Presented by Wells Fargo — GOP senator: It's 'foolish' to buy Treasury bonds Senate lawmakers let frustration show with Blinken MORE (R-Ohio), alongside Senate Intelligence Committee Chairman Mark WarnerMark Robert WarnerAdvocates call on top Democrats for 0B in housing investments Democrats draw red lines in spending fight Manchin puts foot down on key climate provision in spending bill MORE (D-Va.) and Vice Chairman Marco RubioMarco Antonio RubioMilley says calls to China were 'perfectly within the duties' of his job Overnight Defense & National Security — Milley becomes lightning rod Joint Chiefs Chairman Milley becomes lightning rod on right MORE (R-Fla.).
The House version of the bill was passed earlier this week, where it is sponsored by more than a dozen co-sponsors led by House Homeland Security Committee ranking member John KatkoJohn Michael KatkoEmboldened Trump takes aim at GOP foes McCarthy-allied fundraising group helps Republicans who voted to impeach Trump Bipartisan House group introduces legislation to set term limit for key cyber leader MORE (R-N.Y.).
Both Senate committees in recent weeks have been working on legislation to respond to a recent string of major cyberattacks.
These have included the SolarWinds hack, which allowed Russian government-linked hackers to compromise nine U.S. federal agencies, along with ransomware attacks on Colonial Pipeline and meat producer JBS USA, which threatened critical supply chains.
“As foreign adversaries and the criminal organizations they harbor continue to target our critical infrastructure systems, it is essential we work to protect these networks from attacks that can lead to significant harm to the American people,” Peters said in a statement Thursday. “This bipartisan, commonsense bill will help shore up the defenses of critical infrastructure networks and address vulnerabilities in products and technologies that help operate them.”
Portman stressed separately that the recent attacks, such as that on Colonial Pipeline that led to fuel shortages in multiple states, “show the real-world implications that cyberattacks against critical infrastructure can have.”
“CISA’s role to play in supporting critical infrastructure owners and operators is crucial,” Portman said. “I am pleased to join my bipartisan colleagues in introducing this bill to ensure CISA can better defend against threats and increase the cybersecurity of critical infrastructure.”
The bill was introduced the day after Warner, Rubio, and all but three members of the Senate Intelligence Committee introduced a separate bill that would require federal agencies, federal contractors, and owners and operators of critical infrastructure to report cyber incidents to CISA within 24 hours of them occurring.
The bill is designed to give the government more transparency into cyberattacks on critical U.S. groups, with Warner emphasizing Thursday the need to do more to defend against malicious hackers.
“The trend over the last decade to interconnect, automate, and in some cases bring online industrial controls has introduced significant cyber vulnerabilities, attack vectors and even potential systemic risk,” Warner said in a statement. “The federal government needs to understand these risks and help our critical infrastructure sectors prepare for and defend against these threats, and this bill takes a good step forward in doing that.”
The SolarWinds attack and the ransomware attacks on Colonial Pipeline and JBS, along with the more recent attack on software company Kaseya, have all been linked to either Russian government hackers or cyber criminal groups believed to be based in Russia.
The exploitation of vulnerabilities in Microsoft’s Exchange Server earlier this year that compromised thousands of companies was attributed by the U.S. and other allied nations earlier this week to China-linked hackers.
Rubio underlined the threats continuously posed to the U.S. by foreign nations such as Russia and China.
“As made clear by the recent attacks on Colonial Pipeline and SolarWinds, we need to do more to protect American critical infrastructure and industries from cyber-attacks,” Rubio said in a statement. “Bad actors, often based in China or Russia, will stop at nothing to take advantage of any vulnerability in U.S. infrastructure. We need to strengthen our cyber defenses to more quickly detect and prevent these targeted attacks on our most critical industries.”