House Passes Bill to Enhance Industrial Cybersecurity

The U.S. House of Representatives on Monday passed a bill aimed at protecting industrial control systems (ICS), particularly ones used in critical infrastructure, against cyberattacks. The legislation, H.R. 5733, formally known as the “DHS Industrial Control Systems Capabilities Enhancement Act,” was introduced on May 9 by Rep. Don Bacon (R-NE) and it was approved by the House Committee on Homeland Security on June 6. The bill was announced a few weeks after the United States officially accused Russia of attempting to take control of critical infrastructure systems. The new bill amends the Homeland Security Act of 2002 and requires the DHS’s National Cybersecurity and Communications Integration Center (NCCIC) to identify and mitigate threats and risks to ICS technologies and products used in critical infrastructure organizations. The bill also requires NCCIC to maintain cross-sector incident response capabilities for ICS-related events, and provide technical assistance to end-users, product manufacturers, and other stakeholders in identifying and mitigating vulnerabilities in industrial control systems. The agency is also required to provide the ICS community information on vulnerabilities based on collaboration with security researchers, manufacturers and industry end-users. The DHS will have to brief Congress every six months over the next four years.