[Congressional Record Volume 158, Number 113 (Thursday, July 26, 2012)]
[Extensions of Remarks]
[Page E1338]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]
THE ``IDENTIFYING CYBERSECURITY RISKS TO CRITICAL INFRASTRUCTURE ACT OF
2012''
______
HON. YVETTE D. CLARKE
of new york
in the house of representatives
Thursday, July 26, 2012
Ms. CLARKE of New York. Mr. Speaker, I am proud today to introduce
the ``Identifying Cybersecurity Risks to Critical Infrastructure Act of
2012'', a bill to assess the risks that networks controlling our
critical infrastructure face from cyber attacks. I am also proud to
have developed this legislation in collaboration with my colleague, the
gentleman from California, and Chairman of the Committee on Homeland
Security Subcommittee on Cybersecurity, Infrastructure Protection, and
Security Technologies, Representative Lungren.
Critical infrastructure, which can be found in all of our districts,
powers our homes and keeps our water running. However, all too often,
in the digital era, industrial control systems that operate much of
this critical infrastructure are vulnerable to cyber attacks. A recent
report by the Washington Post found that thousands of these control
systems could be accessed directly through the Internet, leaving them
open to exploitation by even ``moderately talented hackers''.
And according to Assistant to the President and Deputy National
Security Adviser John Brennan, there have been over 200 known attempted
or successful cyberintrusions against control systems that operate
critical infrastructure in 2011 alone, which was a five-fold increase
over 2010.
There has been an active debate this Congress on cybersecurity, and
particularly how best to protect our critical infrastructure from
crippling cyber attacks. But regardless of where you stand on the
proper role for the Federal government in protecting critical
infrastructure, I am sure we can all agree that the nature of the cyber
threat to critical infrastructure, including vulnerabilities present in
our critical infrastructure networks, need to be known so that critical
infrastructure owners and operators can be empowered to bolster their
cybersecurity and protect their systems.
Specifically, my bill directs the Secretary of Homeland Security to
conduct risk assessments of critical infrastructure sectors to
identify:
1. The threats to critical infrastructure from foreign intelligence
services, cybercriminals, and hacker groups;
2. The consequences that would result from a major cyber attack on
critical infrastructure; and
3. The vulnerabilities in our critical infrastructure networks that
could be exploited by hackers.
This bill would not only help our government understand the threat we
face, it would benefit the critical infrastructure owners and operators
protect their networks, giving them a fuller understanding of
vulnerabilities in their systems.
It would not create any rules, regulations, or standards that private
industry would need to comply with, and much of this language was first
proposed by Committee Republicans, consistent with the recommendations
of the House Republican cybersecurity task force.
This bill would take proactive steps to identify and assess cyber
risks to help raise the level of cybersecurity protecting our Nation's
critical infrastructure networks, without creating any burdensome
regulations or bureaucracy. This issue is far too important, and the
risk of cyber attack on our critical infrastructure is too grave, to
let another Congress pass without taking action.
I urge my colleagues to cosponsor the ``Identifying Cybersecurity
Risks to Critical Infrastructure Act of 2012'', and work with me to
secure passage of this critical bipartisan homeland security
legislation.
____________________