New bill looks to centralize CISA's role in ICS threat response


Rep. John Katko (R-N.Y.) on Thursday introduced bipartisan legislation that would centralize the Cybersecurity and Infrastructure Security Agency's role in responding to incidents across industry sectors and require the agency's chief to monitor vulnerabilities of industrial control systems.

"These systems operate many vital components of our nation's critical infrastructure and remain under constant attack from cyber criminals and nation state actors. As we saw recently when a Florida water treatment facility was targeted, these attacks can have devastating, real-world consequences," Katko said.

The DHS Industrial Control Systems Enhancement Act of 2021 is co-sponsored by Homeland Security Committee Chairman Bennie Thompson (D-Miss.) as well as several other subcommittee chairs and members of the committee.

The bill mandates CISA's director pay specific attention to threat hunting and responding to attacks against industrial control systems and provide technical assistance to both federal agencies and industry. CISA's director would also have to "collect, coordinate, and provide vulnerability information" to appropriate organizations using industrial control systems.

Katko's bill further directs CISA to provide briefings to the Homeland Security committee every six months for the next four years on DHS's industrial control system capabilities.

Cybersecurity experts previously testified to lawmakers that it would be beneficial for CISA to play a greater role in helping various federal agencies to improve their cybersecurity.

"The 101 federal civilian agencies are simply not in a position to secure themselves all by themselves. And the reason for that is the lack of resources, the lack of personnel and the lack of follow through," Chris Krebs, the former director of CISA, told the House Homeland Security Committee in February.

Encouraged by CISA's work during the election, lawmakers have shown a willingness to add other responsibilities to the agency's mission as well as the funding necessary to accomplish that work. But in interviews with FCW, analysts predicted greater resistance to any push to put CISA in a regulatory role.

"Having separate regulators is important because each industry faces unique challenges in cybersecurity," David Forscey, managing director of the Aspen Cybersecurity Group, recently told FCW. "The federal agencies who oversee the nuclear and healthcare sectors employ people who understand those realities and are less likely to write rules that make zero practical sense."

About the Author

Justin Katz is a former staff writer at FCW.

