House Passes Bill to Address Industrial Cybersecurity Threats

House lawmakers approved a new bill on Monday that’s aimed at securing technology used to power U.S. critical infrastructure from cyber-attacks.

The bill would codify work the Department of Homeland Security is currently doing to identify cyber threats to industrial control systems and ways to mitigate them.  Industrial control systems are used to run critical services across the United States, including the electric grid, water systems, and manufacturing plants.

An attack on the nation’s critical infrastructure could be potentially disastrous and could have extremely negative consequences on U.S. public health and safety, national security, and economic security.

Hackers tied to the Russian government were just recently blamed by the FBI and Homeland Security for instigating a cyber-attack against the U.S. energy sector and other critical infrastructure areas. Researchers found that the hackers were able to successfully breach the networks and access information on industrial control and supervisory control and data acquisition, also known as SCADA systems.

The increased fears associated with threats to the U.S. power grid sparked the bill, formally known as the “DHS Industrial Control Systems Capabilities Enhancement Act of 2018”. The bill would codify into law Homeland Security’s efforts to safeguard these systems by adjusting the Homeland Security Act of 2002 to instruct the department to maintain capabilities to help identify threats to industrial control systems and take the lead on coordinating across critical sectors to respond to cyber-attacks.

The bill would allow Homeland Security officials to provide cyber technical assistance to end users, manufacturers, and others to help find ways to mitigate vulnerabilities in industrial controls systems that could potentially be exploited by cybercriminals. It would also codify a current vulnerability disclosure program at the Department of Homeland Security whereby the department would disclose previously unknown flaws in these systems to the private sector.

Homeland Security officials would also be required to brief Congress on efforts to protect these systems twice a year for the first four years following its enactment.

NNT suggests implementing industry standards such as NERC CIP or the CIS Controls at a minimum to better secure industrial control systems from potential attacks. In addition, implementing Closed-Loop Intelligent Change Control to gain visibility into system configuration systems and spot unusual activity that could represent a cyber-attack before any serious damage is done.

Cloud and Container Security
The Most Powerful & Reliable Cybersecurity Products

change tracker gen7r2 logo

Change Tracker Gen 7R2: Complete configuration and system integrity assurance combined with the most comprehensive and intelligent change control solution available.

FAST Cloud logo

Fast Cloud: Leverage the world’s largest whitelist repository to automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology)

vulnerability tracker logo

Vulnerability Tracker: The world’s only limitless and unrestricted vulnerability scanning solution with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

log tracker logo

Log Tracker: Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds

Contact Us

Corporate Headquarters

Netwrix
6160 Warren Parkway, Suite 100
Frisco, Texas, 75034

Phone 1: 1-949-407-5125

Phone 2: 888-638-9749 (toll-free)


[email protected]
 

United Kingdom

Netwrix
5 New Street Square
London EC4A 3TW

Phone: +44 (0) 203 588 3023


 [email protected]
Information
SC Magazine Cybersecurity 500 CSGEA Winners 2021 CIS benchmarking SEWP Now Certified IBM Security
Copyright 2024, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.