US Congress passes bipartisan bill to confront rising risks of cyberattack

The United States Congress earlier this week took an important step forward to better protect America from the increasing risks of industrial cyberattack when it approved The Cybersecurity Enhancement Act of 2014.

The bipartisan bill — which now goes to President Obama to be signed into law — is designed to strengthen and protect the nation’s economic and national security through public-private partnerships to improve cybersecurity and a greater reliance on cybersecurity standards; research and development; workforce development and education; and public awareness and preparedness.

Passage of the bill, which was sponsored by Senate Commerce, Science, and Transportation Committee Chairman John D. (Jay) Rockefeller IV (D-WV) and Ranking Member John Thune (R-SD), follows years of efforts to pass federal cybersecurity legislation. An earlier cybersecurity bill, The Cybersecurity Act of 2012, was defeated in the Senate. Its demise prompted President Obama to instruct the National Institute of Standards and Technology (NIST) to develop the US Cybersecurity Framework, which was introduced in February of this year.

As a leading authority on industrial automation control systems (IACS) security standards and the “Voice of Automation,” the Automation Federation and its founding association, the International Society of Automation (ISA), have worked closely for years with lawmakers in Washington — Senator Rockefeller, in particular — to build support for the passage of federal cybersecurity legislation.

At the federal government’s request, representatives of both the Automation Federation and ISA served as expert consultants to NIST as it coordinated the development of the US Cybersecurity Framework. In fact, long before the President called for a federal initiative on cybersecurity, Automation Federation and ISA leaders had been consulting with White House National Security Staff, US federal agency officials, and members of Congress on the critical need to establish national cybersecurity standards, guidelines and compliance testing.

IACS security standards developed by ISA (ISA99/IEC 62443) are integral components of the federal government’s plans to combat cyberattack because they’re designed to prevent and offset potentially devastating cyber damage to industrial plant systems and networks — commonly used in transportation grids, power plants, water treatment facilities, and other vital industrial settings.

“The passage of this bill represents great progress toward better preparing government and private industry to meet the significant challenges and reduce the serious risks of industrial cyberattack,” says Michael Marlowe, Managing Director and Director of Government Relations at the Automation Federation, in a statement. “We know that safeguarding America and the world from cyberattack will require a comprehensive, multi-faceted effort—implementing standards that can prevent and mitigate security vulnerabilities; educating and training a skilled cybersecurity workforce; facilitating greater public-private collaboration; and pursuing ongoing research, development and awareness initiatives.”

Marlowe said the Automation Federation is already in discussions with NIST officials about how to implement the key provisions of The Cybersecurity Enhancement Act of 2014 once it officially becomes law.

The Cybersecurity Enhancement Act of 2014:

• Authorizes NIST to facilitate and support the development of voluntary, industry-led cyber standards and best practices for critical infrastructure — drawing on many of the key recommendations outlined in the US Cybersecurity Framework.
• Strengthens cyber research and development by building on existing research and development programs, and ensuring better coordination across the federal government.
• Improves the cyber workforce and cyber education by ensuring that the next generation of cyber experts are trained and prepared for the future.
• Increases the public’s awareness of cyber risks and cybersecurity.
• Advances cybersecurity technical standards.

“The bill and its language regarding the public-private sector partnerships using existing standards within the NIST Framework is a great testament to the hard work of the Automation Federation, the Automation Federation Government Relations Committee members and the ISA-99 Security Standards Committee members,” says Steve Huffman, Chair of the Automation Federation’s Government Relations Committee and an ISA99 Security Standards Committee member, in a statement. “Cybersecurity of industrial automation and control systems from the OT (operational technology) side was not a prominent issue in initial legislative discussions. By raising its importance among lawmakers, industrial cybersecurity became a more vital part of the legislation passed by Congress.

“The Automation Federation and its representatives,” Huffman emphasizes, “share with Senators Rockefeller and Thune great excitement over the passage of this bill and a vision of a safer cyber world and a workforce prepared to meet the challenges of the future.”

Source: Automation Federation

47 Comments

  1. ‘If the Web becomes too complicated, too fraught with security concerns, then its proliferation may stop – or slow down. It should be kept open. It should be kept free. One of the major reasons for the Web’s proliferation is its simplicity. A lot of people want to make the Web more complicated. This simple model has had a profound impact by starting to become ubiquitous. The most important thing for the Web is not to become more complicated. By collective agreement. Sure. Go for ubiquity.’

    ‘Steve Jobs Bio: The Unauthorized Autobiography.’

      1. Dear oh dear, you ARE having a bad day. There are useful government purposes and useless government purposes. At least that’s the case until we can all become that heavenly thing I call Positive Anarchist whereby we all police ourselves and take personal responsibility for our bad choices in life. I can dream.

          1. PS – I am still awaiting your response on how fracking (whether for natural gas or crude oil) puts benzene (a naturally occurring substance in both coal tar and petroleum) causes cancer and liver disease by polluting drinking water.

            1. Water, sand, and chemicals are injected at high pressure to fracture layers of bedrock to release natural gas in large quantities. If the well casing contains leaks or the gas makes its way into subterranean aquifers, then that gas and associated trace contaminants and fracking products can be introduced into water supplies. Once contaminated, these water supplies remain polluted for a long time.

              It only takes a few shoddy drillers to really frack up a local aquifer. We need to be very careful to protect our fresh water supplies.

              It was really lazy of you to resort to the ‘it occurs naturally’ argument. Many things occur naturally that we do not want to consume in any significant quantities – arsenic, lead, etc. Just because some water supplies are naturally contaminated does not mean that we should be OK with it.

            2. “Many things occur naturally that we do not want to consume in any significant quantities – arsenic, lead, etc. Just because some water supplies are naturally contaminated does not mean that we should be OK with it.”

              Melvin, how are these “many things” occurring naturally kept out of our water supplies now?

            1. Who around here shows more reason and logic than I? It’s not you!

              If you enjoyed today, maybe it’s your S&M holiday vacation. I’m sorry to have been your whips and chains plaything as I have zero interest in playing S&M, in case you hadn’t noticed. Trample a troll I will. But I never (intentionally) take a sane human being and bash the hell out of them for my own sick and jaded pleasure, unlike you today.

            2. Most readers did NOT enjoy today. Or any other day you got off on a political tangent. This is an Apple blog, not a political website.

              Moreover, it is unnecessary (and silly) to ask fellow readers to defend, in a few words, issues that have been extensively covered in books and the general press.

              We get it: you are pro fracking. There is no need to tell us here.

      2. …therefore the best possible government is the one that does nothing to protect its citizens. Since Free Enterprise and the market is infallible, Sony can protect us from cybercrime.

      3. I actually agree with you on that, botty. Unfortunately, there are a lot of unscrupulous and corrupt people out there who are willing to make a buck via the easiest means possible, no matter what impact those means may have on others. It appears that it will be a long while before we approach the minimum government ideal.

        It is also worth considering that relative anarchy can work well within small groups and lightly populated areas. But hundreds of millions of people require some government structure in order to function, particularly in densely populated regions.

  2. Oh boy, here we go again. Pass something so they can throw billions of dollars at it.

    If they really wanted to do something about it they would start by pushing out the old IT folks who only support Windows.
    The people in control are NOT computer folks but bureaucrats who give total control to IT departments which have zero knowledge of Macs and the Mac OS. Most Federal and State departments won’t even let departments buy Macs and have written “procedures” so the Macs don’t qualify.

    Do they really want to solve the problem?! Start by getting rid of the PCs!

    It’s their own damn fault. Put the blame where it’s deserved, ALL OF MS, their management and staff, Government IT folks and the bureaucrats who blindly gave them ALL the control and ALL the money. What a crock!

        1. Average Annual Salary Of IRS Employees:

          • Internal Revenue Agent: $77,526
          • Revenue Officer: $59,826
          • Data Transcriber – Hourly: $14.27/hr
          • Revenue Agent: $72,227
          • Attorney: $106,009
          • Tax Compliance Officer: $52,115
          • Tax Examiner: $52,917
          • Customer Service Representative – Hourly: $18.25/hr
          • IT Specialist: $93,396
          • Agent: $80,517
          • Contact Representative: $40,451
          • Management & Program Analyst: $91,029
          • Tax Examiner – Hourly: $17.09/hr
          • Special Agent: $121,848

          • IRS Commissioner John Koskinen: $365,000

        2. That of course is another aspect of the ‘Starve The Beast’ insanity whereby the Neo-Con-Job crazies consider wiping out the financial income of the government to be a way to force all money out of entitlements while preserving all money for military ‘defense’ (which we know full well these days is actually OFFENSE. Certainly, that is how most of the rest of the world views US).

          It would be so easy to toss on a mean/cruel/snarky ending to this post. But I do appreciate a lot of your posts. Just not today.

          1. You’ve lost your sanity; the IRS is hardly starving, having record collections in October and November of this year. If you’re against diabolical spending on the military, then don’t defend the Creature From Jekyll Island that feeds it.

            I’m okay with mean/cruel/snarky endings if they’re the truth.

            1. No no. You haven’t followed the news. The budget for the IRS has systematically been cut by Congress. This coming year’s budget is the lowest EVER. It’s a strategy.

              Now the question: Is it ALL bad that the IRS budget is being strangled? NO. The inner incompetence of the IRS is LEGENDARY among technophiles. I’ve chatted with some of the people they paid to rewrite their software about a decade back. It was a total FAIL specifically because the IRS is a mismanaged mess. Cutting budgets can do wonders for burning off the dead wood in an organization. I call it ‘breathing’, a natural part of any business entity. I’ll skip the rest of that lecture.

              As for who the Creature from Jekyll Island is… searching… So you mean I was defending the Federal Reserve? What?

              I’m done for today. Good night.

            2. The Federal Reserve cannot exist without the Federal Income Tax BOTH of 1913.

              Had you taken the time to read the current salaries of IRS employees, their total, and the income from American labor they steal for your loathed military expenditures and still defend them, you do need rest.

            3. “That of course is another aspect of the ‘Starve The Beast’ insanity whereby the Neo-Con-Job crazies consider wiping out the financial income of the government to be a way to force all money out of entitlements while preserving all money for military ‘defense..”

              “The budget for the IRS has systematically been cut by Congress. This coming year’s budget is the lowest EVER. It’s a strategy.”

              Your words. You keep insisting that you are going to sleep; how can I tell the difference? You’ve been asleep all evening.

            4. I’m awake again and still baffled by your insistence that you have a point to make. ‘Starve The Beast’ is indeed insanity. It has been used as a lame excuse to cut the budget for everything but ‘defense’. If you’re a fanatic of ‘Starve The Beast’, then thank you for bloating the US federal budget all for the sake of feeding your insanity. This sick philosophy is the single biggest contributor to bloated US budgets, NOT entitlements.

              Now you run along and cogitate that statement and come back here to rant so I can ignore you for the rest of today. You have crossed into troll territory and I’m going to let you wallow there. Enjoy.

  3. The following will help ensure that you get lots of cyber attacks:

    Invade another country on a whim.
    Torture people.
    Conduct industrial sabotage.
    Conduct industrial espionage.
    Be arrogant and self righteous about it.

    It’s also a sure way to end up like the dinosaurs.
