To better prepare against cyber attacks, U.S. Reps. John Katko (R-NY) and Andrew Garbarino (R-NY) are working to ensure that the United States has a comprehensive understanding of what actually constitutes its critical infrastructure.
“Over the past year, we’ve seen the devastating real-world impacts of sophisticated cyber attacks on our nation’s critical infrastructure,” said Rep. Katko, ranking member of the U.S. House Homeland Security Committee. “To mitigate risks to our economic and national security going forward, we need a clear process for identifying which infrastructure constitutes systemically important critical infrastructure.”
“The U.S. intelligence community has confirmed that foreign adversaries like Russia, China, Iran, and North Korea currently have the capability to launch cyber attacks against our nation’s critical infrastructure,” said Rep. Garbarino, ranking member of the Cybersecurity, Infrastructure Security & Innovation Subcommittee. “The threat is real and must be met with practical mitigation measures.”
The Securing Systemically Important Critical Infrastructure Act, H.R. 5491, which Rep. Katko sponsored on Oct. 5 alongside original cosponsors Rep. Garbarino and U.S. Rep. Abigail Spanberger (D-VA), would direct the Cybersecurity and Infrastructure Security Agency (CISA) to designate the process for identifying systemically important critical infrastructure (SICI), according to a one-page bill summary released by his office.
CISA also would be required to consult with Sector Risk Management Agencies and stakeholders in establishing a methodology and criteria for determining what critical infrastructure qualifies as SICI, “whose disruption would have a debilitating effect on national security, public health or economic security,” the summary says.
Rep. Garbarino said he’s confident that the partnership between CISA, Sector Risk Management Agencies, and private-sector partners would ensure the SICI within each of the CISA-designated 16 critical infrastructure sectors would be resilient to cyber threats.
“Our goal is to understand the single points of failure and layers of systemic risk in our economy, because if everything is critical, nothing is,” added Rep. Katko. “The owners and operators of SICI naturally demand deeper cyber risk management integration with the federal government.”
Rep. Katko pointed out that in recent months, he and his colleagues have collaborated extensively with industry “to codify a transparent, well-understood, stakeholder-involved process for identifying SICI.”
“As cyber attackers continue to act with impunity and disrupt our critical infrastructure, time is of the essence,” he said.
If enacted, H.R. 5491 also would provide CISA with clear guidance and parameters for establishing the criteria for SICI, and would require CISA to provide SICI owners and operators with the option to take part in prioritized cybersecurity services, including front of the line access for CISA’s key cybersecurity programs, prioritized representation in CISA’s newly established Joint Cyber Defense Collaborative, and prioritized applications of SICI owners and operators for security clearances, according to the bill summary.