The bipartisan leaders of two Senate committees on Thursday introduced legislation to shore up the cybersecurity of critical infrastructure after months of crippling cyberattacks.
The Department of Homeland Security (DHS) Industrial Control Systems Capabilities Enhancement Act would direct the Cybersecurity and Infrastructure Security Agency (CISA) to lead efforts to understand threats against industrial control systems.
The bill would also require CISA to provide cybersecurity assistance to public and private groups to help defend these critical systems, along with sharing more information on threats to industrial control systems.
The legislation is sponsored by Senate Homeland Security Committee Chairman Gary PetersGary PetersHere’s evidence the Senate confirmation process is broken Hillicon Valley: Democrats introduce bill to hold platforms accountable for misinformation during health crises | Website outages hit Olympics, Amazon and major banks Senators introduce bipartisan bill to secure critical groups against hackers MORE (D-Mich.) and ranking member Rob PortmanRobert (Rob) Jones PortmanSunday shows preview: Bipartisan infrastructure talks drag on; Democrats plow ahead with Jan. 6 probe Key Biden ally OK with dropping transit from infrastructure package Frustration builds as infrastructure talks drag MORE (R-Ohio), alongside Senate Intelligence Committee Chairman Mark WarnerMark Robert WarnerSunday shows preview: Bipartisan infrastructure talks drag on; Democrats plow ahead with Jan. 6 probe Hillicon Valley: Democrats introduce bill to hold platforms accountable for misinformation during health crises | Website outages hit Olympics, Amazon and major banks Senators introduce bipartisan bill to secure critical groups against hackers MORE (D-Va.) and Vice Chairman Marco RubioMarco Antonio RubioBipartisan congressional commission urges IOC to postpone, relocate Beijing Games Hillicon Valley: Democrats introduce bill to hold platforms accountable for misinformation during health crises | Website outages hit Olympics, Amazon and major banks Senators introduce bipartisan bill to secure critical groups against hackers MORE (R-Fla.).
The House version of the bill was passed earlier this week, where it is sponsored by more than a dozen co-sponsors led by House Homeland Security Committee ranking member John KatkoJohn Michael KatkoSenators introduce bipartisan bill to secure critical groups against hackers House erupts in anger over Jan. 6 and Trump’s role McCarthy yanks all GOP picks from Jan. 6 committee MORE (R-N.Y.).
Both Senate committees in recent weeks have been working on legislation to respond to a recent string of major cyberattacks.
These have included the SolarWinds hack, which allowed Russian government-linked hackers to compromise nine U.S. federal agencies, along with ransomware attacks on Colonial Pipeline and meat producer JBS USA, which threatened critical supply chains.
“As foreign adversaries and the criminal organizations they harbor continue to target our critical infrastructure systems, it is essential we work to protect these networks from attacks that can lead to significant harm to the American people,” Peters said in a statement Thursday. “This bipartisan, commonsense bill will help shore up the defenses of critical infrastructure networks and address vulnerabilities in products and technologies that help operate them.”
Portman stressed separately that the recent attacks, such as that on Colonial Pipeline that led to fuel shortages in multiple states, “show the real-world implications that cyberattacks against critical infrastructure can have.”
“CISA’s role to play in supporting critical infrastructure owners and operators is crucial,” Portman said. “I am pleased to join my bipartisan colleagues in introducing this bill to ensure CISA can better defend against threats and increase the cybersecurity of critical infrastructure.”
The bill was introduced the day after Warner, Rubio, and all but three members of the Senate Intelligence Committee introduced a separate bill that would require federal agencies, federal contractors, and owners and operators of critical infrastructure to report cyber incidents to CISA within 24 hours of them occurring.
The bill is designed to give the government more transparency into cyberattacks on critical U.S. groups, with Warner emphasizing Thursday the need to do more to defend against malicious hackers.
“The trend over the last decade to interconnect, automate, and in some cases bring online industrial controls has introduced significant cyber vulnerabilities, attack vectors and even potential systemic risk,” Warner said in a statement. “The federal government needs to understand these risks and help our critical infrastructure sectors prepare for and defend against these threats, and this bill takes a good step forward in doing that.”
The SolarWinds attack and the ransomware attacks on Colonial Pipeline and JBS, along with the more recent attack on software company Kaseya, have all been linked to either Russian government hackers or cyber criminal groups believed to be based in Russia.
The exploitation of vulnerabilities in Microsoft’s Exchange Server earlier this year that compromised thousands of companies was attributed by the U.S. and other allied nations earlier this week to China-linked hackers.
Rubio underlined the threats continuously posed to the U.S. by foreign nations such as Russia and China.
“As made clear by the recent attacks on Colonial Pipeline and SolarWinds, we need to do more to protect American critical infrastructure and industries from cyber-attacks,” Rubio said in a statement. “Bad actors, often based in China or Russia, will stop at nothing to take advantage of any vulnerability in U.S. infrastructure. We need to strengthen our cyber defenses to more quickly detect and prevent these targeted attacks on our most critical industries.”