WASHINGTON — U.S. Rep. Rick Crawford (R-Ark.) has introduced legislation that would create a governing body to develop risk and resiliency requirements for water systems to protect networks from cybersecurity threats. submitted.
The bill, House Resolution 7922, would create a water risk and resilience organization responsible for proposing regulations to help drinking water and wastewater systems withstand cybersecurity disruptions, including malicious attempts to disrupt service. Certification by the Protection Agency is required.
Organizations should also propose a plan to implement the rules to ensure that their systems comply with the new requirements.
Crawford, of Jonesboro, co-sponsored the bill with California Republican Rep. John Duarte.
“All we need to do is harden these assets, reduce their vulnerabilities, and equip our operators so they know how to respond,” Crawford told the Arkansas Democrat-Gazette. “Water utilities at the city, county and state level need to be prepared, properly trained and properly equipped to prevent this from happening.”
Crawford's bill comes after federal officials expressed concern about vulnerabilities in water systems across the country. EPA Administrator Michael Regan and National Security Advisor Jake Sullivan sent a letter to governors in March calling for state partnership in addressing cybersecurity risks.
“Every water system in your state should comprehensively assess their current cybersecurity practices to identify critical vulnerabilities, deploy practices and controls to mitigate cybersecurity risks, as needed, and We need your help to implement plans to prepare for, respond to, and recover from a cyber incident,” they said.
Officials cited China's sponsorship of intelligence-gathering efforts about Iran-linked attacks and plans to disrupt power company operations. Last November, an Iranian-backed group attacked a water facility in Pennsylvania, where hackers took control of remote booster stations that monitor and regulate pressure.
Regan and Sullivan said, “Drinking water and wastewater systems are critical infrastructure sectors of lifelines and therefore attractive targets for cyberattacks, but they lack the resources and technology to implement rigorous cybersecurity practices. There is often a lack of competency.”
Attending Vanderbilt University in Nashville, Tennessee, on April 18, FBI Director Christopher Wray said the Chinese government has targeted cybersecurity attacks on U.S. infrastructure networks to wreak havoc “at a time of its own choosing.” He said he is supporting.
“To give you an idea of the scale of China's cyber operations, all of the FBI's cyber investigators and cyber intelligence analysts are trying to help Chinese hackers, even if they focus solely on China, rather than ransomware, Iran, or Russia. would still outnumber the FBI's cyber staff by at least 50 to 1, Wray said.
“In order to gain an upper hand on the world stage,[China]considers all areas of running our society to be fair game, and will take low blows on civilian infrastructure in order to create panic and seek a breakthrough.” It is clear that this is a plan.'' America's will to resist. ”
Crawford said that from a legislative and regulatory standpoint, the United States cannot allow cyberattacks to continue due to a “lack of imagination.”
“We need to start thinking about where the gaps, weaknesses and vulnerabilities are and how they can be exploited,” he said.
Two House committees have received the bill for initial consideration ahead of a possible floor vote. The Committee on Transportation and Infrastructure and the Committee on Energy and Commerce will consider this measure, taking into account the committee's jurisdiction over infrastructure and cybersecurity-related matters, respectively.
Mr. Crawford and Rep. Bruce Westerman (R-Ark.) serve on the House Transportation and Infrastructure Committee, and Mr. Crawford is already seeking the chairman role in the next Congress. .
