House Panel Okays Bill to Boost DHS Role in Scoping ICS Threats

(Image: Omaha World-Herald)

The House Homeland Security Committee today approved H.R. 5733, the DHS [Department of Homeland Security] Industrial Control Systems Capabilities Enhancement Act of 2018, that would amend the Homeland Security Act of 2002 to give DHS’s National Cybersecurity and Communications Integration Center (NCCIC) the responsibility to maintain capabilities to identify threats to industrial control systems (ICS).

The committee approved the bill at a mark-up session today, and voted to recommend it favorably to the full House of Representatives. Rep. Don Bacon, R-Neb., introduced the measure on May 9, 2018.

If signed into law, the bill will cover the devices, systems, networks, and controls used to operate and/or automate industrial processes. ICSs are found in almost all industrial and critical infrastructure sectors, including manufacturing, transportation, energy, and water treatment industries.

Join us on June 14 at the Marriott Marquis in D.C. as we drill down on the strategies and solutions needed to support an agile, flexible, scalable – and secure – digital government. Learn more and register
According to the current draft of the bill, NCCIC will be tasked with leading Federal government efforts to identify and mitigate cybersecurity threats to ICSs, including supervisory control and data acquisition systems. Additionally, the Center will maintain cross-sector incident response capabilities to respond to ICS cybersecurity incidents, as well as provide cybersecurity technical assistance to industry end-users, product manufacturers, and other ICS stakeholders to identify and mitigate vulnerabilities

The bill’s focus on ICS and critical infrastructure sectors is unsurprising given the events of recent months. In March, the Department of Homeland Security issued a rare public alert about a large-scale Russian cyber campaign targeting U.S. infrastructure. The following month, the House Armed Services Committee discussed the technology security and public safety challenges associated with critical infrastructure in a hearing on cyber operations. In May, Tenable announced that it had discovered a critical remote code execution vulnerability in two Schneider Electric applications used in manufacturing, oil and gas, water, automation, and wind and solar power facilities.

Recent