The U.S. House of Representatives approved legislation written to help protect industrial control systems (ICS) against digital threats.
On 25 June, lawmakers in the House passed a bill called “H.R. 5733, DHS Industrial Control Systems Capabilities Enhancement Act of 2018.” The legislation would require the National Cybersecurity and Communications Integration Center (NCCIC) in the Department of Homeland Security (DHS) to create capabilities that would help detect and mitigate threats and vulnerabilities affecting industrial control systems, particularly technologies which help keep critical infrastructure up and running. The NCCIC already does this with ICS owners and operators; this bill would codify those responsibilities without the imposition of additional operating costs.
Under the legislation, DHS would also need to report on its capabilities no more than six months after the bill’s approval into law and every six months thereafter over a period of the next four years.
Representative Don Bacon (R-Neb.) introduced the bill, which was passed by the House Homeland Security Committee earlier in June, after DHS and the FBI publicly blamed Russia in March 2018 for attempting to hack U.S. energy infrastructure. According to their technical alert, Russian actors staged initial attacks against third-party suppliers in order to compromise the networks of their intended attacks.
For Representative Bacon, this threat campaign highlighted the risks facing industrial systems. As quoted by The Hill:
Industrial controls are the critical interface between the digital controls in an operational process. Disruptions or damage to these systems have the potential to cause catastrophic and cascading consequences to our nation’s national security, economic security and our public health and public safety.
There is no companion legislation to H.R. 5733 on the U.S. Senate floor as of this writing, so it’s unclear whether the legislation will enter into law.
That shouldn’t stop organizations from protecting their industrial control systems, however. Enterprises should consider investing in a solution that grants them network visibility over all their industrial assets. To learn how Tripwire can help, click here.