Senate considers bipartisan bill requiring CISA to better secure Industrial Control Systems

Amid heightened legislative concern over national cybersecurity, a bipartisan group of senators this week introduced legislation that would require the Cybersecurity and Infrastructure Security Agency (CISA) to guarantee it could better identify and eliminate threats to critical infrastructure’s Industrial Control Systems.

Legislators, which include U.S. Sens. Gary Peters (D-MI), Rob Portman (R-OH), Marco Rubio (R-FL), and Mark Warner (D-VA), cited the SolarWinds and Colonial Pipeline attacks from over the past year as partial inspirations for the DHS Industrial Control Systems Capabilities Enhancement Act. In those attacks, IT management firm SolarWinds was hacked, leading to compromised details of hundreds of federal agencies and private companies. In the case of the Colonial Pipeline, a ransomware attack caused pipeline operations to halt for days, resulting in fuel shortages along the East Coast.

“As foreign adversaries and the criminal organizations they harbor continue to target our critical infrastructure systems, it is essential we work to protect these networks from attacks that can lead to significant harm to the American people,” Peters said. “This bipartisan, commonsense bill will help shore up the defenses of critical infrastructure networks and address vulnerabilities in products and technologies that help operate them.”

Industrial Control Systems are operational technology involved in operating the functions of things like pipelines, as well as water and electric utilities. Such things have led to increased interconnectivity and automation, but this has also increased their vulnerability on the cyber front. They have proven potentially vulnerable to hackers, be they individuals or nation state sponsored. Russia and China have been among those accused of sponsoring bad actors for such attacks.

“Attacks like the one against Colonial Pipeline show the real-world implications that cyberattacks against critical infrastructure can have,” Portman said. “CISA’s role to play in supporting critical infrastructure owners and operators is crucial. I am pleased to join my bipartisan colleagues in introducing this bill to ensure CISA can better defend against threats and increase the cybersecurity of critical infrastructure.”

The Senate iteration of the DHS Industrial Control Systems Capabilities Enhancement Act serves as companion legislation introduced in the House by U.S. Rep. John Katko (R-NY). That bill was advanced unanimously through the House earlier this year.