117 HR 1833 IH: DHS Industrial Control Systems Capabilities Enhancement Act of 2021 U.S. House of Representatives 2021-03-11 text/xml EN Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain.

I117th CONGRESS1st SessionH. R. 1833IN THE HOUSE OF REPRESENTATIVESMarch 11, 2021Mr. Katko (for himself, Mr. Thompson of Mississippi, Mr. Garbarino, Ms. Clarke of New York, Mr. Bacon, Mr. Gimenez, Mrs. Cammack, Mr. Langevin, and Mr. Rutherford) introduced the following bill; which was referred to the Committee on Homeland SecurityA BILLTo amend the Homeland Security Act of 2002 to provide for the responsibility of the Cybersecurity and Infrastructure Security Agency to maintain capabilities to identify threats to industrial control systems, and for other purposes.

1.

Short title

This Act may be cited as the DHS Industrial Control Systems Capabilities Enhancement Act of 2021.

2.

Capabilities of the Cybersecurity and Infrastructure Security Agency to identify threats to industrial control systems

(a)

In general

Section 2209 of the Homeland Security Act of 2002 (6 U.S.C. 659) is amended—(1)in subsection (e)(1)—(A)in subparagraph (G), by striking and after the semicolon;(B)in subparagraph (H), by inserting and after the semicolon; and(C)by adding at the end the following new subparagraph:(I)activities of the Center address the security of both information technology and operational technology, including industrial control systems;; and(2)by adding at the end the following new subsection:(p)

Industrial control systems

The Director shall maintain capabilities to identify and address threats and vulnerabilities to products and technologies intended for use in the automated control of critical infrastructure processes. In carrying out this subsection, the Director shall—(1)lead Federal Government efforts to identify and mitigate cybersecurity threats to industrial control systems, including supervisory control and data acquisition systems;(2)maintain threat hunting and incident response capabilities to respond to industrial control system cybersecurity risks and incidents;(3)provide cybersecurity technical assistance to industry end-users, product manufacturers, other Federal agencies, and other industrial control system stakeholders to identify, evaluate, assess, and mitigate vulnerabilities;(4)collect, coordinate, and provide vulnerability information to the industrial control systems community by, as appropriate, working closely with security researchers, industry end-users, product manufacturers, other Federal agencies, and other industrial control systems stakeholders; and(5)conduct such other efforts and assistance as the Secretary determines appropriate..(b)

Report to Congress

Not later than 180 days after the date of the enactment of this Act and every six months thereafter during the subsequent 4-year period, the Director of the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security shall provide to the Committee on Homeland Security of the House of Representatives and the Committee on Homeland Security and Governmental Affairs of the Senate a briefing on the industrial control systems capabilities of the Agency under section 2209 of the Homeland Security Act of 2002 (6 U.S.C. 659), as amended by subsection (a).