Attacks and Vulnerabilities
Critical infrastructure
Medical
News
Regulation, Standards and Compliance
Threat Landscape
Vulnerabilities

Senate Homeland Committee advances bills on healthcare, satellite cybersecurity

March 31, 2022
Senate Homeland Committee advances bills on healthcare, satellite cybersecurity

The Senate Homeland Security and Governmental Affairs Committee cleared the Satellite Cybersecurity bill that works towards protecting commercial satellites from cybersecurity threats. In addition, the Committee also cleared an amended version of the Healthcare Cybersecurity Act of 2022 that would require the Department of Health and Human Services (HHS) and the Cybersecurity and Infrastructure Security Agency (CISA) to enter into a collaborative agreement around improving cybersecurity in the healthcare and public health sectors.

The need for satellite cybersecurity has gained importance with the emergence of commercial satellites that provide data and information used for navigation, agriculture, technology development, and scientific research. In addition, industrial control systems – the technology involved in operating critical infrastructure networks like pipelines, water, and electric utilities – are also heavily reliant on commercial satellites.

Introduced in January by U.S. Senator Gary Peters, a Democrat from Michigan and chairman of the Homeland Security and Governmental Affairs Committee, the Satellite Cybersecurity bill calls upon the Comptroller General of the U.S. to conduct a study on the actions the federal government has taken to support the cybersecurity of commercial satellite systems. The report must include as part of any action to address the cybersecurity of critical infrastructure sectors.

According to the provisions of the bill, within one year of the enactment, the Comptroller General shall report to Congress on the effectiveness of efforts of the federal government in improving the cybersecurity of commercial satellite systems.

The report will also take into account the resources made available to the public by federal agencies to address cybersecurity threats to commercial satellite systems, assess the extent to which commercial satellite systems are reliant on, or are relied on, by critical infrastructure and an analysis of how commercial satellite systems, and the threats to such systems, are integrated into federal and non-federal critical infrastructure risk analyses and protection plans.

The report will also evaluate the extent to which federal agencies are reliant on commercial satellite systems and how federal agencies mitigate cybersecurity risks associated with those systems. It will also estimate how federal agencies coordinate or duplicate authorities and take other actions focused on the cybersecurity of commercial satellite systems.

Under the rules of the Satellite Cybersecurity bill, the Comptroller General shall coordinate the report with the Secretary of Homeland Security, Director of the National Institute of Standards and Technology (NIST), Secretary of Defense, Federal Communications Commission, National Oceanic and Atmospheric Administration, National Aeronautics and Space Administration, Federal Aviation Administration, and the head of any other federal agency determined appropriate by the Comptroller General.

Earlier this month, U.S. security agencies had called for strengthening the cybersecurity of national and international satellite communication (SATCOM) networks, following concerns of possible threats to these networks. The agencies reveal that successful intrusions could create risk in SATCOM network providers’ customer environments. The European Union Aviation Safety Agency (EASA) also released a safety information bulletin in the current context of the Russian invasion of Ukraine. 

The advancement of the Satellite Cybersecurity bill gains significance in the wake of Viasat’s KA-SAT satellite network that was affected by a cyberattack that triggered satellite service outages in Central and Eastern Europe on Feb. 24, the day Russia invaded Ukraine. An incident report shared by the satellite communications provider on Wednesday revealed that the incident affected thousands of Ukrainian customers and tens of thousands of other broadband customers across Europe. However, it also added that the attack had no impact on its directly managed government and mobility or users using the KA-SAT satellite or other Viasat networks worldwide.

The Senate committee also advanced the ‘Healthcare Cybersecurity Act of 2022,’ which requires the CISA to collaborate with the HHS, including by agreeing, as appropriate, to improve cybersecurity in the healthcare and public health sector. 

The legislation also calls for training for healthcare experts. The cybersecurity advisors and cybersecurity state coordinators of the CISA shall, in coordination, as appropriate, with private sector healthcare experts, provide training to healthcare and public health sector asset owners and operators on cybersecurity risks to the healthcare and public health sector and assets within the sector, and ways to mitigate the risks to information systems in the healthcare and public health sector.

The advancement of these bills is critical to securing the overall cybersecurity posture of the critical infrastructure sector. Last week, U.S. President Joe Biden asked critical infrastructure owners and operators to improve domestic cybersecurity and bolster national resilience. The latest warning comes in the wake of ‘evolving intelligence’ that the Russian government is exploring options for potential cyberattacks.

Last month, the CISA also issued a ‘Shields Up’ alert that notifies every organization in the country of potential risk from cyber threats that can disrupt essential services and potentially impact public safety. 

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

TXOne’s Portable Security Pro works towards improving security in ICS environments
TXOne Networks presents SageOne, its new CPS protection platform
Critical Start
Critical Start introduces managed detection and response services for OT environments
Shift5
Shift5 debuts GPS integrity module to combat GPS spoofing risks
Securing cloud, IIoT in Industry 4.0 emerges crucial for protecting industrial operations across OT/ICS environments
Securing cloud, IIoT in Industry 4.0 emerges crucial for protecting industrial operations across OT/ICS environments
Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
MITRE's CREF Navigator aligns with DoD's CMMC to boost cyber resilience in defense industrial base
MITRE’s CREF Navigator aligns with DoD’s CMMC to boost cyber resilience in defense industrial base
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
ASIS Foundation reports on impact of autonomous vehicles on security and technology
ASIS Foundation reports on impact of autonomous vehicles on security and technology