Reps. Dan Crenshaw, R-Texas, and Seth Magaziner, D-R.I., introduced new bipartisan legislation last week that would require an assessment of the manual operations of critical infrastructure in the event of a cyberattack.
The lawmakers introduced the Contingency Plan for Critical Infrastructure Act on June 18 to help protect critical infrastructure – such as the electric grid, water systems, and pipelines – from damaging cyberattacks.
The bill would task the director of the Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the administrator of the Federal Emergency Management Agency (FEMA) and other sector risk management agencies, to deliver a joint report to Congress detailing what happens when infrastructure operators cannot quickly transition to manual operation.
“Cyberattacks are the number one threat to America’s critical infrastructure, and it’s not a problem any one government agency can solve or even protect against,” Rep. Crenshaw said in a press release. “The private sector must be more involved, especially when it comes to our water, our energy, our transportation, and our communications.”
“We need a comprehensive assessment of what more can be done to make critical infrastructure more resilient to future cyberattacks, and we need it immediately,” he stressed.
The bill requires the report to include an assessment of CISA’s role in the remediation and response of cyber incidents, as well as in supporting critical infrastructure operators in maintaining operations of essential systems.
It would also assess FEMA’s National Response Framework and how the agency is “equipped to assist critical infrastructure owners and operators in transitioning to manual operating mode during cyber incidents,” according to the release.
The report would also examine the potential costs and challenges associated with mandating sectors to shift to manual operating mode in the event of a cyberattack. Additionally, it would include policy recommendations focused on ensuring the continuous operation of critical infrastructure.
Finally, the bill requires FEMA to update its Planning Considerations for Cyber Incidents to include best practices, guidelines on how to respond to a cyberattack, and resources available to support owners and operators of critical infrastructure if they need to transition to manual operating mode.
“We need to ensure that the infrastructure Americans depend on to keep the lights on, the water running, and commerce flowing, are protected from cyberattacks,” said Rep. Magaziner. “This bipartisan bill will help ensure that Americans are protected from criminals and adversarial nations who target our country in cyberspace on a daily basis.”
