Back in June, Rep Crenshaw (R,TX) introduced HR 8775, the Contingency Plan for Critical Infrastructure Act. The bill would require CISA to submit to Congress a “joint sector-by-sector assessment on the ability of critical infrastructure owners and operators to operate critical systems in a manual operating mode during cyber incidents.” It would also require FEMA to update their “Planning Considerations for Cyber Incidents” last published November 7th, 2023. No new funding is authorized by this legislation.
Moving Forward
While Crenshaw is not a member of the House Homeland Security Committee to which this bill was assigned for primary consideration, his sole cosponsor {Rep Magaziner (D,RI)}, is a member. This means that there may be sufficient influence to see the bill considered in Committee. I suspect that a number of process manufacturing and distribution organizations would object to the government suggesting that they should be able to switch to manual operation in the event of a cyberattack. That opposition will ultimately result in pressure on members to oppose the bill. While this is not a partisan issue, I do not expect to see sufficient support in Committee to move this bill forward.
Commentary
With the increase in attacks on operational control systems,
and a larger increase in the number of instances where cyberattacks on business
assets results in preventative shutdowns in those control systems, it would
seem obvious that organizations should want to be able to switch to some sort
of system control that does not rely on vulnerable automated control systems.
Unfortunately, the more complex the manufacturing/distribution system is, the
wider is the gap between ‘want to’ and ‘able to’ switch to ‘manual operation’.
In the most complex systems (petrochemical refineries, for instance), there are
certainly not enough trained personnel on site to go back to the old, pre-automation
control processes.
For more details about the provisions of this bill, see my
article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-8775-introduced
- subscription required.
No comments:
Post a Comment