Katko, Spanberger Lead Major Effort To Secure Systemically Important Critical Infrastructure
WASHINGTON – U.S. Rep. John Katko (R, NY-24), Ranking Member of the House Committee on Homeland Security, and U.S. Rep. Abigail Spanberger (D, VA-07) today introduced significant legislation to protect systemically important critical infrastructure (SICI) from cyber attacks. Their bill, the Securing Systemically Important Critical Infrastructure Act, helps establish a transparent process for designating SICI and directs the Cybersecurity and Infrastructure Security Agency (CISA) to prioritize meaningful benefits to SICI owners and operators without any additional burden.
“Over the past year, we’ve seen the devastating real-world impacts of sophisticated cyber attacks on our nation’s critical infrastructure,” said Rep. Katko. “To mitigate risks to our economic and national security going forward, we need a clear process for identifying which infrastructure constitutes systemically important critical infrastructure. Disruption to this infrastructure – ranging from pipelines to software – could have an outsized impact on our homeland security. The owners and operators of SICI naturally demand deeper cyber risk management integration with the federal government.
“In recent months, we have collaborated extensively with industry to codify a transparent, well-understood, stakeholder-involved process for identifying SICI,” continued Katko. “Our goal is to understand the single points of failure and layers of systemic risk in our economy, because if everything is critical, nothing is. This effort is complementary to bipartisan incident reporting legislation that recently passed the House. As cyber attackers continue to act with impunity and disrupt our critical infrastructure, time is of the essence. I look forward to working with Chairman Thompson and the Committee Majority to advance this critical legislation.”
“Earlier this year, Central Virginia families and businesses felt the serious impacts of the cyberattack on the Colonial Pipeline. In our communities, we saw how critical infrastructure — such as the Colonial Pipeline — plays a fundamental role in our daily lives and in the day-to-day success of our regional economy,” said Rep. Spanberger. “As we look to protect the American people from future threats and keep our economy competitive, I am proud to join my colleague, Ranking Member Katko, in introducing this timely legislation. Our bipartisan bill would help us identify the critical infrastructure that is particularly foundational and systemically important to our economy and national security, and it would help prioritize protecting these systemically important systems from the serious consequences cyberattacks can have on public safety and health, as well as on our supply chains.”
U.S. Rep. Andrew Garbarino (NY-02), Ranking Member of the Cybersecurity, Infrastructure Security & Innovation Subcommittee, is an original co-sponsor of the legislation.
“The U.S. intelligence community has confirmed that foreign adversaries like Russia, China, Iran, and North Korea currently have the capability to launch cyber attacks against our nation’s critical infrastructure,” said Rep. Garbarino. “The threat is real and must be met with practical mitigation measures. The Securing Systemically Important Critical Infrastructure Act will ensure owners and operators of America’s most critical infrastructure differentiate covered assets according to a risk management-based framework. I am confident in the partnership between CISA, Sector Risk Management Agencies, and private sector partners to ensure the SICI within each of the 16 critical infrastructure sectors are resilient to cyber threats.”
Specifically, this legislation will:
- Authorize the CISA Director to establish a transparent, stakeholder-driven process to designate systemically important critical infrastructure, or SICI.
- Require CISA to consult with Sector Risk Management Agencies (SRMAs) and stakeholders in establishing a methodology and criteria for determining what critical infrastructure qualifies as SICI.
- Provide CISA with clear guidance and parameters for establishing the criteria for SICI.
- Require CISA to provide SICI owners and operators with the option to take part in prioritized cybersecurity services, including:
- Front of the line access for CISA’s key cybersecurity programs, including technical assistance, and voluntary programs to continuously monitor and detect cybersecurity risks;
- Prioritized representation in CISA’s newly established Joint Cyber Defense Collaborative (JCDC);
- Prioritized applications of SICI owners and operators for security clearances, as appropriate.