Press Releases

Washington, D.C. — U.S. Senators Marco Rubio (R-FL), Gary Peters (D-MI), Rob Portman (R-OH), and Mark Warner (D-VA) introduced the DHS Industrial Control Systems Capabilities Enhancement Act of 2021, which seeks to safeguard our nation’s critical infrastructure networks against cybersecurity threats. The bill would require the Cybersecurity and Infrastructure Security Agency (CISA) to ensure they can better identify and mitigate threats to Industrial Control Systems, the operational technology involved in operating the function of critical infrastructure networks, including pipelines, water supply and electric utilities. The bill is the Senate companion to legislation introduced by U.S. Representative John Katko (R-NY), which passed the House unanimously.
 
“As made clear by the recent attacks on Colonial Pipeline and SolarWinds, we need to do more to protect American critical infrastructure and industries from cyber-attacks,” Rubio said. “Bad actors, often based in China or Russia, will stop at nothing to take advantage of any vulnerability in U.S. infrastructure. We need to strengthen our cyber defenses to more quickly detect and prevent these targeted attacks on our most critical industries.”
 
“As foreign adversaries and the criminal organizations they harbor continue to target our critical infrastructure systems, it is essential we work to protect these networks from attacks that can lead to significant harm to the American people,” Peters said. “This bipartisan, commonsense bill will help shore up the defenses of critical infrastructure networks and address vulnerabilities in products and technologies that help operate them.”
 
“Attacks like the one against Colonial Pipeline show the real-world implications that cyberattacks against critical infrastructure can have,” Portman said. “CISA’s role to play in supporting critical infrastructure owners and operators is crucial. I am pleased to join my bipartisan colleagues in introducing this bill to ensure CISA can better defend against threats and increase the cybersecurity of critical infrastructure.”
 
“The trend over the last decade to interconnect, automate, and in some cases bring online industrial controls has introduced significant cyber vulnerabilities, attack vectors and even potential systemic risk,” Warner said. “The federal government needs to understand these risks and help our critical infrastructure sectors prepare for and defend against these threats, and this bill takes a good step forward in doing that.”
 
Background: 
 
Critical infrastructure companies in the United States have seen a stark rise in cyber-attacks. Earlier this year, hackers breached the network of a major oil pipeline forcing the company to shut down over 5,500 miles of pipeline – leading to increased prices and gas shortage for communities across the East Coast. These attacks, and others, highlighted the urgent need to secure critical infrastructure systems from foreign adversaries and criminal organizations who are relentless in their pursuit to exploit vulnerabilities and infiltrate networks.
 
The DHS Industrial Control Systems Capabilities Enhancement Act directs CISA to lead federal efforts to better identify and respond to threats against Industrial Control Systems and the critical infrastructure networks they help operate. The legislation also requires CISA to provide technical assistance to public and private sector entities on how they can work to identify and mitigate vulnerabilities in their operational technology systems. The bill would also ensure CISA shares information on cyber threats with users of Industrial Control Systems and provides a briefing to Congress on its ability to protect these critical systems. Finally, the legislation would require the Government Accountability Office to produce a report on its implementation and CISA’s capabilities to fulfill this mandate.
 
Rubio is Vice Chair of the Senate Select Committee on Intelligence.