[Congressional Record (Bound Edition), Volume 158 (2012), Part 9]
[Extensions of Remarks]
[Page 12543]
[From the U.S. Government Publishing Office, www.gpo.gov]




THE ``IDENTIFYING CYBERSECURITY RISKS TO CRITICAL INFRASTRUCTURE ACT OF 
                                 2012''

                                 ______
                                 

                         HON. YVETTE D. CLARKE

                              of new york

                    in the house of representatives

                        Thursday, July 26, 2012

  Ms. CLARKE of New York. Mr. Speaker, I am proud today to introduce 
the ``Identifying Cybersecurity Risks to Critical Infrastructure Act of 
2012'', a bill to assess the risks that networks controlling our 
critical infrastructure face from cyber attacks. I am also proud to 
have developed this legislation in collaboration with my colleague, the 
gentleman from California, and Chairman of the Committee on Homeland 
Security Subcommittee on Cybersecurity, Infrastructure Protection, and 
Security Technologies, Representative Lungren.
  Critical infrastructure, which can be found in all of our districts, 
powers our homes and keeps our water running. However, all too often, 
in the digital era, industrial control systems that operate much of 
this critical infrastructure are vulnerable to cyber attacks. A recent 
report by the Washington Post found that thousands of these control 
systems could be accessed directly through the Internet, leaving them 
open to exploitation by even ``moderately talented hackers''.
  And according to Assistant to the President and Deputy National 
Security Adviser John Brennan, there have been over 200 known attempted 
or successful cyberintrusions against control systems that operate 
critical infrastructure in 2011 alone, which was a five-fold increase 
over 2010.
  There has been an active debate this Congress on cybersecurity, and 
particularly how best to protect our critical infrastructure from 
crippling cyber attacks. But regardless of where you stand on the 
proper role for the Federal government in protecting critical 
infrastructure, I am sure we can all agree that the nature of the cyber 
threat to critical infrastructure, including vulnerabilities present in 
our critical infrastructure networks, need to be known so that critical 
infrastructure owners and operators can be empowered to bolster their 
cybersecurity and protect their systems.
  Specifically, my bill directs the Secretary of Homeland Security to 
conduct risk assessments of critical infrastructure sectors to 
identify:
  1. The threats to critical infrastructure from foreign intelligence 
services, cybercriminals, and hacker groups;
  2. The consequences that would result from a major cyber attack on 
critical infrastructure; and
  3. The vulnerabilities in our critical infrastructure networks that 
could be exploited by hackers.
  This bill would not only help our government understand the threat we 
face, it would benefit the critical infrastructure owners and operators 
protect their networks, giving them a fuller understanding of 
vulnerabilities in their systems.
  It would not create any rules, regulations, or standards that private 
industry would need to comply with, and much of this language was first 
proposed by Committee Republicans, consistent with the recommendations 
of the House Republican cybersecurity task force.
  This bill would take proactive steps to identify and assess cyber 
risks to help raise the level of cybersecurity protecting our Nation's 
critical infrastructure networks, without creating any burdensome 
regulations or bureaucracy. This issue is far too important, and the 
risk of cyber attack on our critical infrastructure is too grave, to 
let another Congress pass without taking action.
  I urge my colleagues to cosponsor the ``Identifying Cybersecurity 
Risks to Critical Infrastructure Act of 2012'', and work with me to 
secure passage of this critical bipartisan homeland security 
legislation.

                          ____________________