Monday, June 20, 2022

HR 7777 Reported in House – ICS Cybersecurity Training

Last week the House Homeland Security Committee published their report on HR 7777, the Industrial Control Systems Cybersecurity Training Act. The Committee considered the bill last month and ordered the bill reported favorably without amendment. The House is scheduled take up the bill on Tuesday under the suspension of the rules process. This means limited debate, no floor amendments, and requires a super majority for passage. The House leadership expects the bill to pass with strong bipartisan support.

The Report includes an interesting discussion about the differences between IT and OT cybersecurity training needs (pg 2):

“While cybersecurity education is often focused on information technology (IT), there are unique skills required to secure ICS as it relies on both IT and operational technology (OT) that, if exploited, could result in material harm, including loss of life, and significant economic damage. In contrast to IT cybersecurity, which prioritizes ensuring confidentiality, integrity, and availability of data, ICS cybersecurity prioritizes safety, reliability, and functionality of systems. Because those working in ICS cybersecurity must understand how technology impacts industrial operations, there are additional types of training required. According to a group of industrial cybersecurity experts convened by Idaho National Laboratory and Idaho State University, there are six industrial cybersecurity knowledge domains that are not included in traditional cybersecurity education: industrial operations, instrumentation and control equipment, communications, safety, and regulation. Expanded Federal support for ICS cybersecurity training would ensure more workers have the necessary, specialized skills to protect ICS.”

The Committee Report also includes the mandatory Congressional Budget Office report on the costs associated with the bill. That CBO report notes that (pg 5):

“CISA already provides cybersecurity training courses for critical infrastructure operators; thus, the bill would codify those responsibilities and would not impose any new operating requirements on the agency. CBO estimates that implementing H.R. 7777 would cost less than $500,000 over the 2022–2027 period to prepare and deliver the required reports; such spending would be subject to the availability of appropriated funds.”

No comments:

/* Use this with templates/template-twocol.html */