Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

House Passes Several Critical Infrastructure Cybersecurity Bills

The U.S. House of Representatives this week passed several cybersecurity bills, including ones related to critical infrastructure, industrial control systems (ICS), and grants for state and local governments.

The U.S. House of Representatives this week passed several cybersecurity bills, including ones related to critical infrastructure, industrial control systems (ICS), and grants for state and local governments.

One of the bills focusing on critical infrastructure is the Cybersecurity Vulnerability Remediation Act, which aims to authorize the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) to assist owners and operators of critical infrastructure with mitigation strategies against serious vulnerabilities.

The bill covers vulnerabilities in IT and OT systems, as well as security holes in hardware or software that is no longer supported. It also authorizes the DHS to create a competition for identifying remediation solutions for vulnerabilities in IT and ICS products.

The House this week also passed the CISA Cyber Exercise Act, which establishes a program within CISA with the goal of promoting regular testing and assessments of preparedness and resilience to cyberattacks aimed at critical infrastructure.

The exercises would simulate significant impact from a cyberattack on government or critical infrastructure networks, and would help organizations improve readiness and incident response capabilities.

Another bill is the DHS Industrial Control Systems Capabilities Enhancement Act of 2021, which requires CISA to improve its ability to identify and address threats to ICS, particularly systems used in critical infrastructure. If the bill becomes law, the agency will be required to maintain cross-sector incident response capabilities, provide technical assistance to stakeholders, and share vulnerability information with the ICS community.

The State and Local Cybersecurity Improvement Act seeks to authorize a new $500 million grant program whose goal is to provide funding for cybersecurity to state, local, tribal and territorial governments.

Advertisement. Scroll to continue reading.

The bill will allow state and local government organizations to request funds that they will use to address cybersecurity risks and threats to their IT systems. CISA will be in charge of the program.

Another bill passed on to the Senate this week is the Domains Critical to Homeland Security Act, which authorizes the DHS to identify supply chain risks to domains that are critical to economic security. While it does not specifically mention cyber, it could be applicable to this area.

“The bill defines United States critical domains for economic security as the critical infrastructure and other associated industries, technologies, and intellectual property, or any combination thereof, that are essential to U.S. economic security,” a summary of the bill explains.

All of these bills are proposed as amendments to the Homeland Security Act of 2002.

Related: Proposed Bill Would Allow Americans to Sue Foreign Cyber-Actors

Related: House Committee Passes Bills Improving CISA Leadership and Authority

Related: IoT Cybersecurity Improvement Act Passes Senate

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...