A group of bipartisan House lawmakers on Thursday introduced legislation intended to protect critical infrastructure from cyberattacks after an unsuccessful hack of a Florida water treatment facility.
The Department of Homeland Security (DHS) Industrial Control Systems Enhancement Act, spearheaded by House Homeland Security Committee ranking member John KatkoJohn Michael KatkoHillicon Valley: Lawmakers roll out bill to protect critical infrastructure after Florida water hack | Clyburn, Klobuchar push billion fix to digital divide | Uber, Lyft to share information on drivers banned for ‘most serious’ safety incidents Lawmakers roll out bill to protect critical infrastructure after Florida water hack Pro-union bill passes House, setting up lobbying battle in Senate MORE (R-N.Y.), would give more authority to the Cybersecurity and Infrastructure Security Agency (CISA) to protect critical systems against attacks.
The CISA director would be required to maintain the ability to detect and respond to attacks on industrial control systems, and also be able to provide assistance to critical infrastructure groups.
The director would also be required to collect and distribute information on vulnerabilities in systems to owners and operators.
Lawmakers rolled the bill out a month after officials in Oldsmar, Fla., announced that a hacker had unsuccessfully attempted to tamper with systems at the town’s water treatment facility to poison the water.
The legislation is also being introduced as CISA continues to grapple with two major cyber espionage incidents likely involving Russian and Chinese hackers that have potentially compromised thousands of U.S. government and private sector troops.
The bill’s co-sponsors include a range of key House cybersecurity leaders, including House Homeland Security Committee Chairman Bennie ThompsonBennie Gordon ThompsonLawmakers roll out bill to protect critical infrastructure after Florida water hack The Hill’s 12:30 Report – Presented by ExxonMobil – Increased security on Capitol Hill amid QAnon’s March 4 date House passes voting rights and elections reform bill MORE (D-Miss.), cybersecurity subcommittee Chairwoman Yvette ClarkeYvette Diane ClarkeLawmakers roll out bill to protect critical infrastructure after Florida water hack Lawmakers line up behind potential cyber breach notification legislation DHS announces new measures to boost nation’s cybersecurity MORE (D-N.Y.), cybersecurity subcommittee ranking member Andrew Garbarino (R-N.Y.), and Rep. Jim LangevinJames (Jim) R. LangevinLawmakers roll out bill to protect critical infrastructure after Florida water hack Hillicon Valley: House approves almost billion in cyber, tech funds as part of relief package | Officials warn of ‘widespread’ exploit of Microsoft vulnerabilities | Facebook files to dismiss antitrust lawsuits New research finds ‘record-breaking’ number of K-12 cyber incidents in 2020 MORE (D-R.I.), chair of the House Armed Services Committee’s cybersecurity subcommittee.
Other co-sponsors are Reps. Don Bacon (R-Neb.), Kat Cammack (R-Fla.), Carlos Gimenez (R-Fla.), and John RutherfordJohn Henry RutherfordLawmakers roll out bill to protect critical infrastructure after Florida water hack Marjorie Taylor Greene’s delay tactics frustrate GOP READ: The Republicans who voted to challenge election results MORE (R-Fla).
Katko on Thursday emphasized the need to strengthen CISA in the face of evolving threats and as it works to respond to several recent major cyberattacks.
“As I have said consistently, we need to continue to build centralized cybersecurity capacity with CISA where possible for the entire critical infrastructure community to voluntarily benefit from,” Katko said in a statement. “This important piece of legislation will solidify CISA’s lead role in protecting our nation’s critical infrastructure from cyber threats, particularly to our industrial control systems.”
The House Homeland Security Committee and the House Oversight and Reform Committee are in the midst of an investigation into what has become known as the SolarWinds hack.
The incident, discovered in December, involved sophisticated Russian hackers successfully compromising at least nine federal agencies and 100 private sector companies for around a year through exploiting software from IT group SolarWinds, among other methods.
Top CISA officials discussed both the SolarWinds hack and recently uncovered vulnerabilities in Microsoft Exchange Servers exploited by Chinese hackers during a House subcommittee hearing earlier this week.
Acting CISA Director Brandon Wales testified that $650 million approved by the House on Wednesday for CISA as part of the COVID-19 relief package would not be enough to fully confront current and future threats.
“$650 million … is a down payment. It accelerates some of these efforts, but this is going to require sustained investment,” Wales testified to the House Appropriations Homeland Security Subcommittee.