Reps. John Katko, R-N.Y., and Abigail Spanberger, D-Va., introduced a bipartisan bill in the House this week that aims to protect systemically important critical infrastructure (SICI) from cyberattacks.
The Securing Systemically Important Critical Infrastructure Act instructs the Cybersecurity and Infrastructure Security Agency (CISA) to establish a clear process to designate SICI and prioritize cybersecurity services for SICI owners and operators.
“Over the past year, we’ve seen the devastating real-world impacts of sophisticated cyberattacks on our nation’s critical infrastructure,” Rep. Katko said in a press release. “To mitigate risks to our economic and national security going forward, we need a clear process for identifying which infrastructure constitutes systemically important critical infrastructure. Disruption to this infrastructure – ranging from pipelines to software – could have an outsized impact on our homeland security. The owners and operators of SICI naturally demand deeper cyber risk management integration with the Federal government.”
“In recent months, we have collaborated extensively with industry to codify a transparent, well-understood, stakeholder-involved process for identifying SICI,” Rep. Katko continued. “Our goal is to understand the single points of failure and layers of systemic risk in our economy, because if everything is critical, nothing is. This effort is complementary to bipartisan incident reporting legislation that recently passed the House. As cyber attackers continue to act with impunity and disrupt our critical infrastructure, time is of the essence.”
Currently, cybersecurity services are offered on a first-come, first-served basis, with no risk-based priority, the House members said. Their legislation aims to change that and offer SICI owners and operators “front of the line access for CISA’s key cybersecurity programs,” prioritized representation in CISA’s Joint Cyber Defense Collaborative, and prioritized applications for security clearances.
The legislation would also require CISA to consult with Sector Risk Management Agencies (SRMAs) and stakeholders “in establishing a methodology and criteria for determining what critical infrastructure qualifies as SICI.” Additionally, it would provide CISA with clear parameters for creating the SICI criteria.
“As we look to protect the American people from future threats and keep our economy competitive, I am proud to join my colleague, Ranking Member Katko, in introducing this timely legislation,” Rep. Spanberger said. “Our bipartisan bill would help us identify the critical infrastructure that is particularly foundational and systemically important to our economy and national security, and it would help prioritize protecting these systemically important systems from the serious consequences cyberattacks can have on public safety and health, as well as on our supply chains.”