The world's most capable, rugged and secure
industrial control system...
Introducing Bedrock OSA® Remote
- Intrinsically-secure PLC and RTU control
- 10 or 20 channels of universal I/O
- Free IEC 61131-3 engineering software
- -40ºC to +80ºC temperature range
- Rugged, all-metal case 5.4 in x 8.9 in x 2.3 in
Can Congress Stop Cybercrime?
June 29, 2021 | Robert Bergman
One thing on which both Democrats and Republicans seem to agree is the need for greater cyber security. More than 100 cyber security bills impacting cyber security are on the congressional docket, covering everything from banning TikTok on government devices (H.R.2566) to a bill calling for responsiveness exercises with a simulated partial or complete incapacitation of a government or critical infrastructure network resulting from a cyber incident (H.R.3223). A complete list and status of each bill can be found at www.congress.gov.
One that relates to the industrial control space is H.R.1833 – DHS Industrial Control Systems Capabilities Enhancement Act, which would call for the Director of Homeland Security to maintain capabilities to identify and address threats and vulnerabilities to products and technologies used in the automated control of critical infrastructure processes, including the following:
- Leading efforts to identify and mitigate cybersecurity threats to industrial control systems, including supervisory control and data acquisition systems
- Maintaining threat hunting and incident response capabilities to respond to industrial control system cyber security risks and incidents
- Providing cyber security technical assistance to industry end-users, product manufacturers, other Federal agencies, and other industrial control system stakeholders to identify, evaluate, assess, and mitigate vulnerabilities
- Collecting, coordinating and providing vulnerability information to the industrial control systems community by, as appropriate, working closely with security researchers, industry end-users, product manufacturers, other Federal agencies, and other industrial control systems stakeholders
Here are some others that would seem to have the most impact on the industrial space:
Passed the Senate
S.1260 — 117th Congress (2021-2022) United States Innovation and Competition Act of 2021
This bill establishes a Directorate for Technology and Innovation in the National Science Foundation (NSF) and establishes various programs and activities. The bill intends to strengthen U.S. leadership in key technology focus areas, such as artificial intelligence, high-performance computing, and advanced manufacturing. It also calls for the Department of Commerce to establish a supply chain resiliency and crisis response program to address supply chain gaps and vulnerabilities in critical industries. Next step: on to the House
S.914 — 117th Congress (2021-2022) Drinking Water and Wastewater Infrastructure Act of 2021
This bill reauthorizes through FY2026 or establishes a variety of programs for water infrastructure. Specifically, it supports programs to provide safe drinking water or treat wastewater, such as sewer overflows or stormwater. For example, the bill reauthorizes and revises the clean water state revolving fund (SRF) and the drinking water SRF. Cyber security provisions including identifying public water systems that if compromised could have a significant impact on public health and assessing the capacity of a public water system to remediate a cyber security vulnerability and have a cascading failure effect on other critical infrastructure. There are also requirements for filing “Technical Cybersecurity Support Plans” for public water systems, including penetration tests. Next step: on to the House
Passed the House
H.R.1602 — 117th Congress (2021-2022) Eliminate Barriers to Innovation Act of 2021
HR 1602 seeks to establish a legal and regulatory policy related to digital assets, including understanding their impact on the competitive position of the United States and recommending standards concerning custody, private key management, cybersecurity, and business continuity relating to digital asset intermediaries. Next step: on to the Senat
H.R.1251 — 117th Congress (2021-2022) Cyber Diplomacy Act of 2021
Establishes requirements related to diplomatic engagement with foreign countries on matters of U.S. cyberspace policy. It would set up a Bureau of International Cyberspace Policy within the Department of State to advise the State Department on cyberspace issues and lead diplomatic efforts on issues related to international cyber security, internet access and freedom, and international cyber threats. It requires the President to devise a strategy for U.S. engagement with foreign governments on international norms related to responsible state behavior in cyberspace and encourages the President to enter executive arrangements with foreign governments that support U.S. cyberspace policy. Next step: on to the Senate
Introduced in House or Senate – but no vote yet
H.R.3243 — Pipeline Security Act
H.R.3078 — Requires the Secretary of Energy to carry out a program relating to physical security and cybersecurity for pipelines and liquefied natural gas facilities.
H.R.2931 — Provides for certain programs and developments in the Department of Energy concerning the cybersecurity and vulnerabilities of, and physical threats to, the electric grid, and for other purposes.
H.R.2928 — Requires the Secretary of Energy to establish a voluntary Cyber Sense program to test the cyber security of products and technologies intended for use in the bulk-power system, and other purposes.
H.R.2685 — Understanding Cybersecurity of Mobile Networks Act
S.1193 — United States-Israel Cybersecurity Cooperation Enhancement Act of 2021
S.735 — Advanced Technological Manufacturing Act
H.R.1591 — Chief Manufacturing Officer Act
H.R.1672 — Connect America Act of 202
In addition, according to CSO Magazine, Senate Majority Leader Chuck Schumer (D-NY) has recently initiated a review of recent high-profile ransomware attacks in the run-up to new legislation. Then, Chairman Gary Peters (D-MI) and Rob Portman (R-OH), chair and ranking member of the Senate Homeland Security Committee sent a letter to national security adviser Jake Sullivan and Shalanda Young, the acting director of the Office of Management and Budget, asking the two officials to spell out within 30 days the legal authorities they think federal agencies need to combat ransomware attacks. Their responses could serve as the basis for new legislation to rein in ransomware.
So, will it all make a difference? If some of this makes it into law or enforcement, more information and more resources applied to the problem could make a difference, especially if some of that goes into applying America’s extensive cyber talent to tracking and stifling intruders. From a Bedrock Automation perspective, we are advocating for the H.R.1833 – DHS Industrial Control Systems Capabilities Enhancement Act mentioned earlier, which provides cybersecurity technical assistance to industry end-users, product manufacturers, other Federal agencies, and other industrial control system stakeholders to identify, evaluate, assess, and mitigate vulnerabilities.
For more information on how current legislation might impact the EMP threat, read “States Push for EMP Preparedness”.