New Infrastructure Act will tackle cyber incidents with cybersecurity tool, establish office of cyber coordinator
The U.S. House of Representatives passed on Friday a US$1.2 trillion bipartisan infrastructure bill that will bring about much-needed improvements to the nation’s critical infrastructure sector. The bill calls for the development of a cybersecurity tool and setting up of the office of cyber coordinator, in a bid to boost infrastructure resiliency in the country, already plagued by several cyber incidents and threats.
The bill, called the ‘Infrastructure Investment and Jobs Act (IIJA),’ was sponsored by Peter DeFazio, a Democrat from Oregon and chair of the House Committee on Transportation and Infrastructure. In a statement released Friday, DeFazio said that the bill provides, “the long-overdue investments in our nation’s infrastructure included in the bipartisan Infrastructure Investment and Jobs Act will grow the economy, strengthen our global competitiveness, create good-paying union jobs that can’t be sent overseas, and make our communities more resilient, livable, and equitable.”
The final vote for the bill was 228-206, with thirteen Republicans voting with the majority of Democrats in support of the bill, while six Democrats voted against it.
U.S. President Joe Biden hailed the passage of the bill, calling it “a once-in-a-generation investment that’s going to create millions of jobs modernizing our infrastructure — our roads, our bridges, our broadband, a whole range of things — to turn the climate crisis into an opportunity,” according to a White House statement on Saturday.
“And it puts us on a path to win the economic competition of the 21st century that we face with China and other large countries and the rest of the world,” President Biden added.
First passed in the U.S. Senate in August following several months of negotiations, the IIJA bill includes the committee-passed surface transportation reauthorization bills from the Commerce and Environment and Public Works Committees, the Drinking Water and Wastewater Infrastructure Act passed by the Senate, and the Energy Infrastructure Act approved by the Energy and Natural Resources Committee, Lexology said in a blog post.
Sec. 11510 of the IIJA bill deals with the development of a cybersecurity tool and setting up of the office of cyber coordinator. The bill has laid down that the administrator of the federal highway administration shall within two years of the enactment of the bill develop a cybersecurity tool that will work in assisting transportation authorities to identify, detect, protect against, respond to, and recover from cyber incidents.
In developing the cybersecurity tool, the administrator shall use the cybersecurity framework established by the National Institute of Standards and Technology (NIST) and required by Executive Order 13636 of Feb. 12, 2013, and establish a structured cybersecurity assessment and development program.
The bill also called for coordination with the Transportation Security Administration (TSA) and the Cybersecurity and Infrastructure Security Agency (CISA). It also called for consultation with appropriate transportation authorities, operating agencies, industry stakeholders, and cybersecurity experts, and enabling a period of public comment and review on the tool.
The IIJA bill also included guidelines for setting up the office of ‘Cyber Coordinator,’ with a period of two years from the date of enactment of the Act. The office shall be responsible for monitoring, alerting, and advising transportation authorities of cyber incidents.
The provisions of the bill have laid down that the office is responsible for working with the TSA and the CISA to provide transportation authorities with a secure method of notifying the federal highway administration of cyber incidents, sharing information collected with the TSA and the CISA, and monitoring cyber incidents that affect transportation authorities.
The IIJA bill also called for alerting transportation authorities to cyber incidents that affect those transportation authorities, investigating unaddressed cyber incidents that affect transportation authorities and providing to transportation authorities educational resources, outreach, and awareness on fundamental principles and best practices in cybersecurity for transportation systems.
Hailing the passage of the infrastructure bill, the Association of Metropolitan Water Agencies (AMWA) said in a LinkedIn post, that “on its way to the president for his signature: $48.4 billion over five years for drinking water and wastewater spending. It includes funds for LSL replacement, bill-payer assistance, and PFAS, plus $375 million for drinking water and wastewater system climate and cybersecurity resilience, among other things. Let’s hope all of this gets appropriated,” it added.
The AMWA is an organization of the largest publicly owned water utilities in the United States. AMWA is the voice of metropolitan water systems on federal water policy issues, and its programs foster sustainable, innovative utility management.
“On behalf of America’s investor-owned electric companies, EEI congratulates Congress for passing a broad, bipartisan infrastructure bill that will make significant investments in the critical energy infrastructure and new carbon-free technologies our industry needs to deliver a 100-percent clean energy future to the customers and communities we serve,” Tom Kuhn, Edison Electric Institute (EEI) president said in a statement.
“Customers and communities across the country also will benefit from this legislation’s support for investments in middle-mile broadband infrastructure, which will help to bridge the digital divide for underserved and unserved areas,” Kuhn added.
The industry also welcomed the passage of the infrastructure bill. “We applaud the passage of the bipartisan Infrastructure Investment and Jobs Act and its broad vision for infrastructure,” Barbara Humpton, president and CEO at Siemens USA, said in a company statement. “This bill goes well beyond roads and bridges to provide essential investment in rail, electric vehicle infrastructure, the grid, and America’s workforce. This bill provides us with a strong foundation to shape the future we want,” she added.
“We are encouraged that Congress has included $50 billion in the infrastructure bill to improve the resiliency of power and water systems, protecting them from cyberattacks and natural disasters,” Mark Carrigan, cyber vice president for process safety and OT cybersecurity at Hexagon PPM, wrote in an emailed statement.
Operators in critical infrastructure should not wait on Congress to continue their investments to improve operational resiliency, according to Carrigan. “It is ‘when,’ not ‘if,’ a natural disaster or cyber attack will strike. What matters is our ability to respond and recover from these events and restore service within an acceptable period of time,” he added.
The passage of the IIJA bill comes as cybersecurity expert Joe Weiss raised in his latest blog post the fact that the threat to the electric grid (not just in the US) from Chinese equipment with hardware backdoors should not be minimized. “Exacerbating this issue is that Chinese transformers are cheaper than North American-made transformers, there are no industry requirements to monitor the manufacturing of this Chinese equipment, and Presidential Executive Order 13920 to prevent the use of Chinese equipment in the US grids was suspended and not replaced in-kind,” he added.
The Office of the US Director of National Intelligence (DNI) found in a recent report that the “deployment of utility-scale solar and wind technologies in remote areas is likely to require ultra-high-voltage transmission lines to move the power to cities. China is the world’s leading supplier of advanced grid components for ultra-high-voltage systems, such as transformers, circuit breakers, and inverters, which we assess creates cyber vulnerability risks,” the report added.
A complimentary guide to the who`s who in industrial cybersecurity tech & solutions
Free DownloadRelated
