A bill codifying the Department of Homeland Security’s (DHS’s) role in addressing industrial control systems (ICS) cybersecurity has cleared the U.S. House of Representatives.
While H.R. 5733, the “DHS Industrial Control Systems Capabilities Enhancement Act,” contains no mandates for the private sector, it directs the DHS’s National Cybersecurity and Communications Integration Center (NCCIC) to develop and maintain “capabilities” to identify and mitigate threats and vulnerabilities to products and technologies in both information and operational technology, including ICS.
Significantly, it also requires the DHS to collect, coordinate, and provide vulnerability information to the ICS community by working closely with security researchers, industry end-users, product manufacturers, and other ICS stakeholders.
It also directs DHS to maintain cross-sector incident-response capabilities to respond to cybersecurity incidents and provide technical assistance to stakeholders. The bill requires DHS to provide briefings to Congress on these capabilities within six months of its enactment, and every six months thereafter over the next four years.
Introduced on May 9, 2018, by Rep. Don Bacon (R-Neb.), the bill cleared the House on June 25.
ICS, which are the operational technologies that include supervisory control and data acquisition (SCADA) systems, process control systems (PCS), and distributed control systems (DCS), are commonly used in power plants, dams, water treatment facilities, and natural gas pipelines for critical functions, such as to measure, control, and provide a view of control processes. However, experts warn that nearly two-thirds of ICS vulnerabilities identified in 2017 could cause severe operational impact if exploited.
The NCCIC already works with ICS operators and manufacturers to provide malware and vulnerability analysis, as well as to monitor, track, and investigate cyber incidents and provide incident response. NCCIC also disseminates threat briefings, security bulletins, and notices related to emerging threats and vulnerabilities.
According to Bacon, the bill to codify NCCIC’s work is important because it ensures industry has a “centralized and everlasting place for help with addressing cybersecurity danger” to ICS.
While no hearings have been held on the bill, it is one of the first major pieces of legislation targeting ICS cybersecurity. Since the beginning of the year, House lawmakers have held at least two hearings on cybersecurity as it relates to operational technology.
The Senate on June 26 received the bill and has referred it to the Committee on Homeland Security and Governmental Affairs.
—Sonal Patel is a POWER associate editor (@sonalcpatel, @POWERmagazine)
The post Bill Codifying Federal Role in ICS Cybersecurity Clears House appeared first on POWER Magazine.