House Passes Several Critical Infrastructure Cybersecurity Bills

The U.S. House of Representatives this week passed several cybersecurity bills, including ones related to critical infrastructure, industrial control systems (ICS), and grants for state and local governments.

One of the bills focusing on critical infrastructure is the Cybersecurity Vulnerability Remediation Act, which aims to authorize the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) to assist owners and operators of critical infrastructure with mitigation strategies against serious vulnerabilities.

The bill covers vulnerabilities in IT and OT systems, as well as security holes in hardware or software that is no longer supported. It also authorizes the DHS to create a competition for identifying remediation solutions for vulnerabilities in IT and ICS products.

The House this week also passed the CISA Cyber Exercise Act, which establishes a program within CISA with the goal of promoting regular testing and assessments of preparedness and resilience to cyberattacks aimed at critical infrastructure.

The exercises would simulate significant impact from a cyberattack on government or critical infrastructure networks, and would help organizations improve readiness and incident response capabilities.

Another bill is the DHS Industrial Control Systems Capabilities Enhancement Act of 2021, which requires CISA to improve its ability to identify and address threats to ICS, particularly systems used in critical infrastructure. If the bill becomes law, the agency will be required to maintain cross-sector incident response capabilities, provide technical assistance to stakeholders, and share vulnerability information with the ICS community.

The State and Local Cybersecurity Improvement Act seeks to authorize a new $500 million grant program whose goal is to provide funding for cybersecurity to state, local, tribal and territorial governments.

The bill will allow state and local government organizations to request funds that they will use to address cybersecurity risks and threats to their IT systems. CISA will be in charge of the program.

Another bill passed on to the Senate this week is the Domains Critical to Homeland Security Act, which authorizes the DHS to identify supply chain risks to domains that are critical to economic security. While it does not specifically mention cyber, it could be applicable to this area.

“The bill defines United States critical domains for economic security as the critical infrastructure and other associated industries, technologies, and intellectual property, or any combination thereof, that are essential to U.S. economic security,” a summary of the bill explains.

All of these bills are proposed as amendments to the Homeland Security Act of 2002.

Related: Proposed Bill Would Allow Americans to Sue Foreign Cyber-Actors

Related: House Committee Passes Bills Improving CISA Leadership and Authority

Related: IoT Cybersecurity Improvement Act Passes Senate