Analysis
Attacks and Vulnerabilities
CISA
Critical infrastructure
ICS Cyber Security Training
Industrial Cyber Attacks
News
Regulation, Standards and Compliance
Risk & Compliance
The Skills Gap - Training & Development
Training

US House clears ICS cybersecurity training bill

June 22, 2022
US House clears ICS cybersecurity training bill

The U.S. House of Representatives has passed the bill that establishes within the Cybersecurity and Infrastructure Security Agency (CISA) an initiative to provide the cybersecurity workforce with no-cost virtual and in-person courses and training on cybersecurity for industrial control systems (ICS). In carrying out the initiative, the bill directs CISA to engage in collaboration with the Department of Energy’s National Laboratories and consultation with Sector Risk Management Agencies (SRMAs) and, as appropriate, the private sector. 

The Industrial Control Systems Cybersecurity Training bill was introduced last month by U.S. Representative Eric Swalwell, a Democrat from California and a member of the House Select Committee on Intelligence, House Judiciary Committee, and House Homeland Security Committee. The bill also directs CISA to provide an annual report on the initiative, along with any plans and recommendations for expanding and strengthening ICS cybersecurity education and training. 

“Today, the House passed my Industrial Control Systems Cybersecurity Training Act, which will strengthen U.S. cybersecurity protections from emerging threats and educate information technology professionals across the nation on how best to protect against foreign cyber threats,” Swalwell wrote in a Twitter message on Tuesday. 

Speaking in the House, Swalwell said that “H.R.7777 is not a winning number on a slot machine, it’s a winning formula for bringing cyber hygiene to our industrial control systems across America. Every day, we rely on critical infrastructure to power our homes, fuel our cars and connect us online. One essential component of critical infrastructure are Industrial Control Systems, also known as ICS, which digitally manages operations of these vital systems.”

“As Congress considers legislation to address cybersecurity threats to American interests, my legislation would help secure vulnerable ICS at every level of our economy and government,” Swalwell said. “ H.R.7777 would make permanent an existing education initiative within the Cybersecurity and Infrastructure Security Agency, or CISA. This initiative, the ICS Training Initiative, provides free virtual and in-person cybersecurity training to public and private security entities including critical infrastructure administrators, national laboratories, and even small businesses.”

Training will equip technology professionals across all levels with the tools and expertise necessary to secure themselves against advanced persistent threats, Swalwell added.    

Ahead of its passing in the House, the Industrial Control Systems Cybersecurity Training bill was sent to the Committee on Homeland Security. 

“Working in ICS cybersecurity must understand how technology impacts industrial operations, there are additional types of training required,” Bennie Thompson, Homeland Security Committee Chairman and a Democrat from Mississippi, wrote in his report. “According to a group of industrial cybersecurity experts convened by Idaho National Laboratory and Idaho State University, there are six industrial cybersecurity knowledge domains that are not included in traditional cybersecurity education: industrial operations, instrumentation and control, equipment, communications, safety, and regulation. Expanded Federal support for ICS cybersecurity training would ensure more workers have the necessary, specialized skills to protect ICS,” he added.

The report also focused on recent cybersecurity incidents including the Oldsmar water plant hack, Colonial Pipeline ransomware attack, and an April joint cybersecurity advisory warning of specific advanced persistent threat (APT) hackers have exhibited the capability to gain full system access to multiple ICS/supervisory control and data acquisition (SCADA) devices.

“Because of the complexity of defending ICS, mitigating the risk posed by this malware will take time. As the threats posed to ICS only increase, additional workers will specialized skills to defend these vital systems will be needed,” Thompson said. “To address these challenges, H.R. 7777 codifies CISA’s ICS cyber-security training program, under which CISA provides no-cost virtual and in-person trainings and courses to help workers across critical infrastructure develop the skills necessary to better defend ICS from cyber threats,” he added. 

Thompson also pointed to the provisions of the bill that include important oversight mechanisms by requiring an annual report to Congress on the program, along with plans and recommendations for expanding access to ICS cybersecurity training and increasing participation by women and underrepresented communities, better ensuring that the nation’s full talent pool is utilized in this important mission. “These reports will also provide Congress with critical insights to develop future legislative actions that may be necessary to support the ongoing effort to strengthen the ICS cybersecurity workforce,” he added.

Last year, a member of the House Committee on Homeland Security introduced bipartisan supported legislation, ‘DHS Industrial Control Systems Enhancement Act of 2021,’ in a critical step that could help to solidify the CISA’s lead role in protecting the critical infrastructure in the U.S., especially ICS, from cyber threats. The bill has since passed in the House.

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
MITRE's CREF Navigator aligns with DoD's CMMC to boost cyber resilience in defense industrial base
MITRE’s CREF Navigator aligns with DoD’s CMMC to boost cyber resilience in defense industrial base
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
ASIS Foundation reports on impact of autonomous vehicles on security and technology
ASIS Foundation reports on impact of autonomous vehicles on security and technology
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
RMC
Risk Mitigation Consulting acquires Securicon, boosting cybersecurity and mission assurance offerings
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation