Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

House Passes Several Critical Infrastructure Cybersecurity Bills

The U.S. House of Representatives this week passed several cybersecurity bills, including ones related to critical infrastructure, industrial control systems (ICS), and grants for state and local governments.

The U.S. House of Representatives this week passed several cybersecurity bills, including ones related to critical infrastructure, industrial control systems (ICS), and grants for state and local governments.

One of the bills focusing on critical infrastructure is the Cybersecurity Vulnerability Remediation Act, which aims to authorize the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) to assist owners and operators of critical infrastructure with mitigation strategies against serious vulnerabilities.

The bill covers vulnerabilities in IT and OT systems, as well as security holes in hardware or software that is no longer supported. It also authorizes the DHS to create a competition for identifying remediation solutions for vulnerabilities in IT and ICS products.

The House this week also passed the CISA Cyber Exercise Act, which establishes a program within CISA with the goal of promoting regular testing and assessments of preparedness and resilience to cyberattacks aimed at critical infrastructure.

The exercises would simulate significant impact from a cyberattack on government or critical infrastructure networks, and would help organizations improve readiness and incident response capabilities.

Another bill is the DHS Industrial Control Systems Capabilities Enhancement Act of 2021, which requires CISA to improve its ability to identify and address threats to ICS, particularly systems used in critical infrastructure. If the bill becomes law, the agency will be required to maintain cross-sector incident response capabilities, provide technical assistance to stakeholders, and share vulnerability information with the ICS community.

The State and Local Cybersecurity Improvement Act seeks to authorize a new $500 million grant program whose goal is to provide funding for cybersecurity to state, local, tribal and territorial governments.

The bill will allow state and local government organizations to request funds that they will use to address cybersecurity risks and threats to their IT systems. CISA will be in charge of the program.

Advertisement. Scroll to continue reading.

Another bill passed on to the Senate this week is the Domains Critical to Homeland Security Act, which authorizes the DHS to identify supply chain risks to domains that are critical to economic security. While it does not specifically mention cyber, it could be applicable to this area.

“The bill defines United States critical domains for economic security as the critical infrastructure and other associated industries, technologies, and intellectual property, or any combination thereof, that are essential to U.S. economic security,” a summary of the bill explains.

All of these bills are proposed as amendments to the Homeland Security Act of 2002.

Related: Proposed Bill Would Allow Americans to Sue Foreign Cyber-Actors

Related: House Committee Passes Bills Improving CISA Leadership and Authority

Related: IoT Cybersecurity Improvement Act Passes Senate

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...