Can Congress Stop Cybercrime?
Featured Product from Bedrock Automation
Can Congress Stop Cybercrime?
One thing on which both Democrats and Republicans seem to agree is the need for greater cyber security. More than 100 cyber security bills impacting cyber security are on the congressional docket, covering everything from banning TikTok on government devices (H.R.2566) to a bill calling for responsiveness exercises with a simulated partial or complete incapacitation of a government or critical infrastructure network resulting from a cyber incident (H.R.3223). A complete list and status of each bill can be found at www.congress.gov.
One that relates to the industrial control space is H.R.1833 – DHS Industrial Control Systems Capabilities Enhancement Act, which would call for the Director of Homeland Security to maintain capabilities to identify and address threats and vulnerabilities to products and technologies used in the automated control of critical infrastructure processes, including the following:
- Leading efforts to identify and mitigate cybersecurity threats to industrial control systems, including supervisory control and data acquisition systems
- Maintaining threat hunting and incident response capabilities to respond to industrial control system cyber security risks and incidents
- Providing cyber security technical assistance to industry end-users, product manufacturers, other Federal agencies, and other industrial control system stakeholders to identify, evaluate, assess, and mitigate vulnerabilities
- Collecting, coordinating and providing vulnerability information to the industrial control systems community by, as appropriate, working closely with security researchers, industry end-users, product manufacturers, other Federal agencies, and other industrial control systems stakeholders
Here are some others that would seem to have the most impact on the industrial space:
Passed the Senate
S.1260 — 117th Congress (2021-2022) United States Innovation and Competition Act of 2021
This bill establishes a Directorate for Technology and Innovation in the National Science Foundation (NSF) and establishes various programs and activities. The bill intends to strengthen U.S. leadership in key technology focus areas, such as artificial intelligence, high-performance computing, and advanced manufacturing. It also calls for the Department of Commerce to establish a supply chain resiliency and crisis response program to address supply chain gaps and vulnerabilities in critical industries. Next step: on to the House
S.914 — 117th Congress (2021-2022) Drinking Water and Wastewater Infrastructure Act of 2021
This bill reauthorizes through FY2026 or establishes a variety of programs for water infrastructure. Specifically, it supports programs to provide safe drinking water or treat wastewater, such as sewer overflows or stormwater. For example, the bill reauthorizes and revises the clean water state revolving fund (SRF) and the drinking water SRF. Cyber security provisions including identifying public water systems that if compromised could have a significant impact on public health and assessing the capacity of a public water system to remediate a cyber security vulnerability and have a cascading failure effect on other critical infrastructure. There are also requirements for filing “Technical Cybersecurity Support Plans” for public water systems, including penetration tests. Next step: on to the House
Passed the House
H.R.1602 — 117th Congress (2021-2022) Eliminate Barriers to Innovation Act of 2021
HR 1602 seeks to establish a legal and regulatory policy related to digital assets, including understanding their impact on the competitive position of the United States and recommending standards concerning custody, private key management, cybersecurity, and business continuity relating to digital asset intermediaries. Next step: on to the Senat
H.R.1251 — 117th Congress (2021-2022) Cyber Diplomacy Act of 2021
Establishes requirements related to diplomatic engagement with foreign countries on matters of U.S. cyberspace policy. It would set up a Bureau of International Cyberspace Policy within the Department of State to advise the State Department on cyberspace issues and lead diplomatic efforts on issues related to international cyber security, internet access and freedom, and international cyber threats. It requires the President to devise a strategy for U.S. engagement with foreign governments on international norms related to responsible state behavior in cyberspace and encourages the President to enter executive arrangements with foreign governments that support U.S. cyberspace policy. Next step: on to the Senate
Introduced in House or Senate – but no vote yet
H.R.3243 — Pipeline Security Act
H.R.3078 — Requires the Secretary of Energy to carry out a program relating to physical security and cybersecurity for pipelines and liquefied natural gas facilities.
H.R.2931 — Provides for certain programs and developments in the Department of Energy concerning the cybersecurity and vulnerabilities of, and physical threats to, the electric grid, and for other purposes.
H.R.2928 — Requires the Secretary of Energy to establish a voluntary Cyber Sense program to test the cyber security of products and technologies intended for use in the bulk-power system, and other purposes.
H.R.2685 — Understanding Cybersecurity of Mobile Networks Act
S.1193 — United States-Israel Cybersecurity Cooperation Enhancement Act of 2021
S.735 — Advanced Technological Manufacturing Act
H.R.1591 — Chief Manufacturing Officer Act
H.R.1672 — Connect America Act of 202
In addition, according to CSO Magazine, Senate Majority Leader Chuck Schumer (D-NY) has recently initiated a review of recent high-profile ransomware attacks in the run-up to new legislation. Then, Chairman Gary Peters (D-MI) and Rob Portman (R-OH), chair and ranking member of the Senate Homeland Security Committee sent a letter to national security adviser Jake Sullivan and Shalanda Young, the acting director of the Office of Management and Budget, asking the two officials to spell out within 30 days the legal authorities they think federal agencies need to combat ransomware attacks. Their responses could serve as the basis for new legislation to rein in ransomware.
So, will it all make a difference? If some of this makes it into law or enforcement, more information and more resources applied to the problem could make a difference, especially if some of that goes into applying America’s extensive cyber talent to tracking and stifling intruders. From a Bedrock Automation perspective, we are advocating for the H.R.1833 – DHS Industrial Control Systems Capabilities Enhancement Act mentioned earlier, which provides cybersecurity technical assistance to industry end-users, product manufacturers, other Federal agencies, and other industrial control system stakeholders to identify, evaluate, assess, and mitigate vulnerabilities.
For more information on how current legislation might impact the EMP threat, read “States Push for EMP Preparedness”.
Follow us on:
What our Partners have to say>>>Watch Now
People are talking about Bedrock Automation and our revolutionary industrial control system. Listen to what our founding Solution Partners have to say about our product and company!
Bedrock Automation has developed the next generation industrial control system with a revolutionary electro-magnetic backplane architecture and deeply embedded cyber security for the highest levels of system performance, security and reliability at the lowest system cost. Bedrock started with a clean sheet of paper just a few years ago and re-imagined how a modern industrial control system should be designed: Simple Scalable Secure
Welcome to the School of Bedrock!
Here, we offer free online training courses to learn the basics of Bedrock Open Secure Automaton for initial certification. These online courses cover a lot of ground, from an introduction to our intrinsically cyber secure hardware platform and free IEC 61131 software environment to some of our advanced capabilities and more. Go at your own pace and enjoy learning how Open Secure Automation works to improve efficiency, performance, and cost.