Rep. Ritchie Torres, D-N.Y., asked Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly in an Oct. 14 letter for a rundown on how CISA is carrying out its outsized role as risk manager for about half of the U.S. critical infrastructure sectors designated by the Department of Homeland Security (DHS).
The congressman’s letter zeroes in on CISA’s role as the Sector Risk Management Agency (SRMA) for multiple critical infrastructure sectors, in addition to its overarching cross-sector coordination role on cybersecurity and infrastructure protection.
“I would like to understand what CISA’s SRMA activities entail, how these lines of effort are organized, and whether CISA has the resources, relationships, and sector expertise to carry out both roles effectively,” said Rep. Torres, who is a member of the House Homeland Security Committee.
“There must be greater transparency and accountability around CISA’s role as a SRMA, how it measures success, and whether it has the authorities and resources it needs to oversee multiple sectors of critical infrastructure effectively and exclusively,” he said.
“Whereas most SRMAs oversee a single sector of critical infrastructure, CISA oversees at least eight of them – far more than any other SRMA,” Rep. Torres said, adding, “each of these sectors is complex, diverse, and unique in its security needs.”
In particular, Rep. Torres asked for information on steps that CISA has taken to secure the following sectors:
- Commercial Facilities;
- Critical Manufacturing;
- Emergency Services;
- Government Facilities;
- Information Technology;
- Nuclear Reactors, Materials, and Waste; and
- Transportation Systems.
Torres said he would like to get information on whether CISA has sector-dedicated liaisons, how often does CISA request information regarding feedback from each sector, and the status of an up update to the National Infrastructure Protection Plan (NIPP).
The congressman’s letter comes after Congress codified and augmented responsibilities across various sector SMRAs late last year.