House lawmakers approved legislation Monday aimed at securing technology used to power critical infrastructure from cyberattacks.
The bill offered by Rep. Don Bacon (R-Neb.) would codify work the Department of Homeland Security is currently doing to identify cyber threats to industrial control systems and mitigate them. Industrial control systems are used to run critical services in the United States, including the electric grid, water systems, and manufacturing plants.
The House passed the legislation in a voice vote Monday evening, after it cleared the House Homeland Security Committee earlier this month. However, there is currently no companion legislation being offered in the Senate.
Bacon introduced the legislation in May, after FBI and Homeland Security officials blamed hackers linked to the Russian government for waging a cyberattack campaign against the energy sector and other critical infrastructure sectors. In some cases, the hackers successfully breached networks where they were able to access information on industrial control and supervisory control and data acquisition, or SCADA, systems.
The revelations sparked increased fears over the threats to the U.S. power grid and other elements of critical infrastructure in the U.S.
“Industrial controls are the critical interface between the digital controls in an operational process,” Bacon said earlier this month. “Disruptions or damage to these systems have the potential to cause catastrophic and cascading consequences to our nation’s national security, economic security and our public health and public safety.”
The bill, formally known as the “DHS Industrial Control Systems Capabilities Enhancement Act of 2018,” would codify into law Homeland Security’s efforts to protect these systems by amending the Homeland Security Act of 2002 to instruct the department to maintain capabilities to help identify threats to industrial control systems and take the lead on coordinating across critical sectors to respond to cyber incidents.
It would also authorize Homeland Security to provide cyber technical assistance to end users, manufacturers and others to help find and mitigate vulnerabilities in industrial control systems that could potentially be exploited by hackers. And, it would codify a current vulnerability disclosure program at Homeland Security through which the department discloses previously unknown flaws in these systems to the private sector.
The legislation would also require Homeland Security officials to brief Congress on efforts to protect these systems twice each year for the four years following its enactment.