On a voice vote, lawmakers in the House of Representatives passed legislation on Monday, June 25, 2018 aimed at addressing the cybersecurity of critical infrastructure in the U.S. This bill follows its approval by the House Homeland Security Committee earlier in June. It also comes on the heels of numerous reports throughout the spring of 2018 that nation state-based threat actors, such as Russia and North Korea, were actively attempting to penetrate critical infrastructure networks.
There is currently no companion bill under review in the Senate.
The House bill was introduced by Representative Don Bacon (R-Neb.) after it was reported by cybersecurity researchers with Dragos, that hackers linked to the Russian government had attacked (and in some cases successfully breached) industrial control and supervisory control and data acquisition (SCADA) systems.
Industrial control and SCADA systems provide the structure and management required to operate and maintain the country’s critical infrastructure at scale. As Bacon notes, any “disruptions or damage to these systems have the potential to cause catastrophic and cascading consequences to our nation’s national security, economic security and our public health and safety.”
If a companion bill could get through the Senate, the law would amend the Homeland Security Act of 2002, instructing Homeland Security take the lead and continually monitor and coordinate with critical sectors on identifying and managing cybersecurity incidents. Homeland Security would also be authorized to help critical sectors and manufacturers mitigate any existing vulnerabilities. It would also allow Homeland Security to disclose known vulnerabilities to the private sector.