A bipartisan group of legislators has introduced the Department of Homeland Security (DHS) Industrial Control Systems Enhancement Act of 2021. The legislation will solidify the Cybersecurity & Infrastructure Security Agency’s (CISA) lead role in protecting critical infrastructure – particularly industrial control systems (ICS) – from cyber threats.
The legislation is co-sponsored by leadership of the House Committee on Homeland Security – Chairman Bennie Thompson, D-Miss., and Ranking Member John Katko, R-N.Y. – as well as leadership from the Cybersecurity Subcommittee, Chair Yvette Clarke, D-N.Y., and Ranking Member Andrew Garbarino, R-N.Y. The bill is also sponsored by Reps. Don Bacon, R-Neb., Kat Cammack, R-Fla., Carlos Gimenez, R-Fla., Jim Langevin, D-R.I., and John Rutherford, R-Fla.
In a press release, the bill’s cosponsors cited a recent cyberattack against an Oldsmar, Fla. water treatment facility. On Feb. 5, hackers attempted to increase the amount of sodium hydroxide – commonly known as lye – in the water to lethal levels. In response, CISA issued guidance on Feb. 11, which said the hackers likely took advantage of an outdated Windows 7 operating system to gain access.
“The recent attack on a water treatment facility in Oldsmar, Florida, served as an alarming reminder of the threats facing our critical systems,” the cosponsors said. “We must ensure our nation’s lead cybersecurity agency has the authorities it needs to protect the control systems that underpin many of our nation’s critical functions.”
If enacted, the bill would amend the Homeland Security Act to require the director of CISA to maintain capabilities to detect and mitigate threats and vulnerabilities affecting automated control of critical infrastructure. This responsibility would include maintaining cross-sector incident response capabilities to respond to cybersecurity incidents, and providing cybersecurity technical assistance to stakeholders. The CISA director would also be required to collect, coordinate, and provide vulnerability information to the industrial control systems community.
“These [critical infrastructure] systems operate many vital components of our nation’s critical infrastructure and remain under constant attack from cybercriminals and nation-state actors,” Rep. Katko said. “As we saw recently when a Florida water treatment facility was targeted, these attacks can have devastating, real-world consequences. This legislation is a critical first step in the [House Homeland Security Committee’s] efforts to ensure CISA has proper resources and authorities to effectively carry out its mission.”