CISA
Critical infrastructure
News

US lawmakers introduce two bills to improve cybersecurity shields for critical infrastructure

April 29, 2021
cybersecurity shields

Two key bills have been introduced to improve U.S. cybersecurity shields, as the nation bolsters its critical infrastructure sector, which includes physical assets such as roads and fiber, apart from the intellectual and human capital behind them. The sector deals with pivotal and crucial functions of government and the private sector that are so vital to the U.S. that their disruption, corruption, or dysfunction would have a debilitating effect on security, the economy, national public health or safety, or any combination thereof.

One bill aims to create a ‘response and recovery’ fund to help public and private entities respond to and recover from cyberattacks. The other bill intends to help ensure that the Department of Homeland Security (DHS) is identifying and addressing risks to critical infrastructure.

The first bill, Cyber Response and Recovery Act, would create an authority for the Secretary of Homeland Security, in consultation with the National Cyber Director, to declare a significant cyber incident in the event of an ongoing or imminent attack that would impact national security, economic security, or government operations. 

Introduced in the Senate by U.S. Senators Rob Portman, a Republican from Ohio and Gary Peters, a Democrat from Michigan, ranking member and chairman of the Homeland Security and Governmental Affairs Committee, the bipartisan legislation would provide additional resources and better coordination for serious cyberattacks or breaches that risk the safety and security of Americans. 

This would enable the CISA to coordinate federal and non-federal response efforts, and allow the Secretary access to a Cyber Response and Recovery Fund that would help support federal and non-federal entities impacted by the event. The bill would authorize US$20 million over seven years for the fund, and would require DHS to report to Congress on its use. The legislation also helps improve the federal response to cyber breaches, such as recent and serious attacks by foreign adversaries, including the Chinese and Russian governments that allegedly penetrated both federal networks and private companies’ servers. 

“The multiple recent cyberattacks from sophisticated malicious actors against U.S. government clearly demonstrate our vulnerability to attack,” said Senator Portman in a press statement. “These cyberattacks will continue, and we must ensure that we have the capacity to respond when they do. This bipartisan bill will provide emergency resources when impacted organizations are overwhelmed and unable to respond to a debilitating attack.” 

“Extensive breaches and attacks of public and private networks in just the last few months have compromised our national security and shown our nation is not adequately prepared to tackle evolving cyber threats,” said Senator Peters. “As these challenges continue to grow, our national security apparatus needs more tools and resources to improve our response to these threats and defend against cyber-attacks from our foreign adversaries, like the Chinese government.” 

Last October, Portman and Peters led several bipartisan efforts to bolster the nation’s cybersecurity shields. They introduced a bill to require the federal government to make better investments in cybersecurity shields to keep Americans’ data safe. The U.S. Senate also unanimously approved their legislation to promote stronger cybersecurity shields and measures between the DHS and state and local governments. 

A bipartisan bill, National Risk Management Act, was also introduced in the US Senate to strengthen the security of critical infrastructure sectors by requiring the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) to continually conduct a five-year National Risk Management Cycle. 

Following CISA’s identification of the risks, the White House would have to “identify and outline current and proposed national-level actions, programs, and efforts to be taken to address the risks identified,” according to the bill.

Introduced by Senators Maggie Hassan, a Democrat from New Hampshire and Ben Sasse, a Republican from Nebraska, the legislation would require the secretary, acting through the director of the CISA, to establish a process to identify, assess and prioritize risks to critical infrastructure, considering both cyber and physical threats, vulnerabilities, and consequences. 

“When a criminal shuts down a hospital system to get a ransomware payment or a foreign adversary hacks government agencies, we face grave threats to our national security and well-being,” said Senator Hassan in a press statement. “We must stay ahead of emerging threats to critical infrastructure, and I am glad to work across the aisle to help ensure that the administration and Congress are working together to make our critical infrastructure sectors more secure.”

“The rules of war are being re-written. China and Russia are increasingly brazen in their use of cyber tools to get inside American critical infrastructure networks,” said Senator Sasse. “These critical systems must be more resilient. It’s time to get serious about the future of war and how we protect the systems that allow our daily life to run smoothly.”

The latest bill is part of Senator Hassan’s ongoing efforts as chair of the Emerging Threats and Spending Oversight Subcommittee to strengthen DHS’s efforts to keep Americans safe, secure, and free. 

Senator Hassan has previously worked to pass the bipartisan DHS Data Framework Act – which is now law – to help ensure that analysts at the DHS can more efficiently identify terrorist threats. Due to the increasing number of cyber threats to government agencies and critical infrastructure, Senator Hassan introduced the bipartisan Hack DHS Act, which was signed into law, to strengthen cyber defenses at the DHS.

The U.S. launched in February an international strategy called CISA Global that joins with international partners to intensify defense against cyber incidents, enhance security and resilience of critical infrastructure, identify and address significant risks to national critical functions, and provide seamless and secure emergency communications.

The National Counterintelligence and Security Center (NCSC) and the The National Insider Threat Task Force (NITTF), in alliance with the Departments of Homeland Security, Treasury, Energy, Defense, and others, are working to better support critical infrastructure entities in the U.S. private sector, state, city, and local governments, and academia. 

“We encourage critical infrastructure entities to invest in human-behavior-focused insider threat programs that enhance and supplement traditional security practices and are tailored to their environments and unique threats and risks,” according to new guidelines released by the NCSC.

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

RMC
Risk Mitigation Consulting acquires Securicon, boosting cybersecurity and mission assurance offerings
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
New CGCYBER report warns of cybersecurity risks in marine environment due to network-connected OT systems
New CGCYBER report warns of cybersecurity risks in marine environment due to network-connected OT systems
Ukrainian CERT details malicious plan by Sandworm group to disrupt critical infrastructure facilities
Ukrainian CERT details malicious plan by Sandworm group to disrupt critical infrastructure facilities
DC3, DCSA collaborate to launch vulnerability disclosure program for defense industrial base
DC3, DCSA collaborate to launch vulnerability disclosure program for defense industrial base
Waterfall’s WF-600 unidirectional security gateway brings 'unbreachable protection' to OT/ICS networks
Waterfall, 2TS enter into cybersecurity alliance for African market
Honeywell’s 2024 USB Threat Report reveals significant rise in malware frequency, highlighting growing concerns
Honeywell’s 2024 USB Threat Report reveals significant rise in malware frequency, highlighting growing concerns
CISA declares winners of President’s Cup cybersecurity competition, with Artificially Intelligent team leading
CISA declares winners of President’s Cup cybersecurity competition, with Artificially Intelligent team leading
Enhancing industrial cybersecurity by tackling threats, complying with regulations, boosting operational resilience
Enhancing industrial cybersecurity by tackling threats, complying with regulations, boosting operational resilience
MITRE confirms breach on NERVE network, suspected foreign nation-state actor involved
MITRE confirms breach on NERVE network, suspected foreign nation-state actor involved