Senators introduced bipartisan legislation this week aimed to strengthen the United States’ cybersecurity posture and protect the nation’s Systemically Important Critical Infrastructure (SICI). The bill includes several key recommendations from the Cyberspace Solarium Commission (CSC).
The Defense of United States Infrastructure Act, introduced by Sens. Angus King, I-Maine, co-chair of the CSC, Mike Rounds, R-S.D., and Ben Sasse, R-Neb., commissioner of the CSC, on July 28 would provide funding, tools, and authority to protect SICI.
Specifically, the bill would establish a Bureau of Cyber Statistics, which would exist within the Department of Homeland Security, to collect and publish cybersecurity statistics to better understand cybersecurity threats facing the United States and how to address them.
Chris Inglis, the national cyber director, endorsed the creation of the Bureau of Cyber Statistics on August 2, saying it would “mandate that organizations providing cybersecurity incident response services or insurance products” produce such data every 180 days for statistical purposes.
“To properly address risk, we have to first understand it, we have to understand where it’s concentrated, where it cascades, what causes it, and more importantly to then discover how to address it,” Inglis said. “The Bureau of Cyber Statistics would do just that.”
The bill would also establish the National Cyber Resilience Assistance Fund, which Inglis also endorsed this week. Inglis said the fund could be used, based on accurate information from the Bureau of Cyber Statistics, to “invest in a system where we achieve resilience and robustness to avoid the problems that we’ve been experiencing over the last many years.”
Additionally, the legislation would task the secretary of Homeland Security with “creating a new designation for the most critical of our critical infrastructure” and create hiring authorities for the Office of the National Cyber Director, allowing Inglis to add top talent to his office.
The bill would also direct the Cybersecurity and Infrastructure Security Agency (CISA) to create the Joint Collaborative Environment, a cloud-based information sharing environment. Additionally, CISA’s director would be given a five-year term.
“In recent months, we’ve seen our gas pipelines, food system, water systems, and more hacked and attacked – and those are just the incidents that rose to widespread awareness,” Sen. King said in a press release. “These intrusions have made one thing crystal clear: America’s critical infrastructure is dangerously vulnerable to cyber disaster.”
“In an increasingly wired society, a targeted cyberattack could cripple key systems, cost countless lives, and have direct impacts on our everyday life. I truly believe that the next Pearl Harbor or 9/11-scale attack will be cyber in nature – but there is still time to act and prevent catastrophe,” he added. “We must strengthen our cyber resilience, defend our critical infrastructure, and give our cyber leaders the tools they need to succeed – before it’s too late.”