New Industrial Control Systems Cybersecurity Training bill works toward bolstering nation’s cybersecurity posture

A new legislative bill has been introduced in the U.S. House of Representatives to help strengthen the nation’s cybersecurity protections in light of increased Russian cyber threats. The bill seeks to amend the Homeland Security Act of 2002 to authorize the Cybersecurity and Infrastructure Security Agency (CISA) to establish an industrial control systems cybersecurity training initiative and for other purposes.

Titled ‘Industrial Control Systems Cybersecurity Training Act,’ the legislation would educate information technology (IT) professionals across the nation on how best to protect against attacks on computer network security systems. In addition, the educational programs administered through the CISA would work towards keeping businesses running and infrastructure safe against foreign cyber threats.

Industrial Control Systems manage essential services through computer networks. Systems include electricity, petroleum production, water, transportation, manufacturing, and communications devices. As industrial control systems utilize online platforms, it is highly susceptible to intentional and unintentional security vulnerabilities.

The bill was introduced on Monday by U.S. Representative Eric Swalwell, a Democrat from California and a member of the House Select Committee on Intelligence, House Judiciary Committee, and House Homeland Security Committee. The legislation would address many of the concerns stemming from foreign attacks on industrial control systems by making permanent an education program within CISA that provides ICS cybersecurity training to public and private sector entities. The bill would also include annual reporting requirements with recommendations on expanding upon and improving industrial control systems’ cyber training against future threats.

“With the increased threat of Russian cyberattacks, we must be cognizant of cyberwarfare from state-sponsored actors,” Swalwell said in a media statement on Monday. “This bill would help train our information technology professionals in the federal government, national laboratories, and private sector to better defend against damaging foreign attacks.” 

Last week, the U.S. House of Representatives passed two key pieces of legislation. One of the bills helps create a supply chain security training program for federal officials, while the other legislation strengthens the federal cybersecurity workforce. The legislative bills have already passed in the U.S. Senate and are headed to the desk of President Joe Biden to be signed into law.

In March, the White House issued a stark warning of potential increases in destructive Russian cyberattacks targeting U.S. critical infrastructure. In response, the Department of Energy, CISA, National Security Agency, and Federal Bureau of Investigation released a recent joint advisory detailing the types of attacks administered by advanced persistent threat actors on multiple industrial control systems devices.

Last July, the U.S. House of Representatives advanced 13 bipartisan Homeland Security Committee bills addressing numerous aspects of the homeland security mission. Among these pieces of legislation are two bills introduced by U.S. Rep. John Katko, a Republican from New York and Ranking Member on the House Committee on Homeland Security, which aims to bolster cybersecurity, strengthen U.S. critical supply chains, and improve long-term economic security. 

The DHS Industrial Control Systems Capabilities Enhancement Act of 2021, spearheaded by Ranking Member Katko, was one of the most significant pieces of bipartisan cyber legislation to pass the House this Congress. It is designed to better enable the CISA’s ability to work with stakeholders on a partnership basis to identify vulnerabilities and harden systems. Additionally, the House passed another one of Katko’s legislation, the Domains Critical to Homeland Security Act which is aimed at addressing vulnerabilities in U.S. supply chains. 

Given the critical nature of industrial control systems, they have in recent weeks and months been various actions that aim at safeguarding and protecting these critical environments. The ICS Cyber Emergency Response Team of the CISA has expanded the scope of the Idaho National Laboratory’s Control Environment Laboratory Resource (CELR) research zone. The laboratory environment will now deliver an interactive test site for ICS and OT (operational technology) environments. Last month, the CISA expanded its Joint Cyber Defense Collaborative (JCDC) initiative to include the ICS industry consisting of security vendors, integrators, and distributors.

Anna Ribeiro

Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.