The House last week approved a measure requiring the Department of Homeland Security and the National Cyber Director to establish criteria to identify and designate certain critical infrastructure entities as systemically important for continuing national critical functions.
The amendment on systemically critical infrastructure was introduced by Rep. James Langevin (D-R.I.) and adopted by voice vote. It passed the House as part the chamber’s version of the fiscal year 2023 National Defense Authorization Act, which was agreed to last Thursday evening.
If the bill becomes law, systemically important entities may have to identify critical assets, systems, suppliers, technologies, software and services to help the government understand risks to national critical functions in their supply chains. It would also require these entities to identify security controls or risk management practices they have taken to ensure continued delivery of critical services.
To help these most critical infrastructures, the bill directs the government to provide them with intelligence support and warnings.
The Senate Homeland Security and Governmental Affairs Committee last fall approved the Defense of United States Critical Infrastructure Act of 2021 (S. 2491), which includes a provision similar to Langevin’s amendment.
Jen Easterly, director of DHS’ Cybersecurity and Infrastructure Security Agency, last November told the House Homeland Security Committee that she supports the legislation on systemically important critical infrastructure and that her agency is already examining these entities, which have “economic centrality, network centrality and have logical dominance in those national critical functions.”
Langevin said in a statement last Friday that systemically important critical infrastructures include large energy utilities, telecommunications providers and major financial institutions.
Langevin’s bill would also create an Interagency Council for Critical Infrastructure Cybersecurity Coordination that would be co-chaired by the Homeland Security Secretary and the National Cyber Director to coordinate and harmonize federal policy on critical infrastructure cybersecurity.