In a nation's capital that has witnessed contentious politics for decades on end, the House Subcommittee on Cybersecurity and Infrastructure met for just under two hours Tuesday and cordially exchanged views on cyber threats to the nation’s critical infrastructure.Let's see what happens next.The pretext for the session was to discuss what the industry has learned since the discovery of Stuxnet in 2010.While politics did enter the fray as Republicans expressed fears around turf wars between security agencies, and Democrats pointing out funding cuts to CISA and the national laboratories, both sides did agree on one major piece of legislation: Reauthorizing the Cybersecurity Information Sharing Act of 2015, best known as CISA 2015, set to expire Sept. 30, 2025.There are fears among lawmakers that with Congress soon breaking for its August recess, there wouldn’t be enough time for them to reauthorize CISA 2015 when they return and it could lapse.Prompted by ranking Democratic subcommittee member Rep. Eric Swalwell, D-Calif., Tatyana Bolton, executive director of the Operational Technology Cyber Coalition, told committee members the blunt truth of what could happen if CISA 2015 lapses:“The estimates are that about 80% to 90% of information sharing would be cut off from the federal government,” Bolton told the members. “When I was at the Cybersecurity Solarium Commission, one of the main things we tried to do was to make sure that the federal government at least had a full threat picture. This authority is a significant part of that work. We must reauthorize it.”Rep. Andrew Garbarino, R-N.Y., who ran Tuesday's session as chair of the subcommittee and was recently made chair of the full Homeland Security Committee, said reauthorizing CISA 2015 was a top priority for him.“I’ve talked to many people in the private sector who said it would be devastating and they wouldn’t be able to talk to the government if this expires,” said Garbarino. Bolton added that if we are two years away from a contingency with China in 2027, as projected by the Office of the Director of National Intelligence (ODNI), the nation must treat information-sharing as a baseline.“China is not waiting,” said Bolton. “China is preparing now — and so are all our other adversaries.”Robert M. Lee, co-founder and CEO at Dragos, added that the bi-directional communication between the government and private sector — especially on the threat picture overall — is one of the responsibilities for government that makes a lot of sense.Lee pointed out that a lot of asset owners and operators feel it’s a one-way communication from the government. He said the government has to make it very clear and say: “Here’s what we can do to help you if you share this information.”“Also, talk about turf wars. I led the OT portion of the incident response on Colonial Pipeline, and I witnessed a lot of turf wars between the FBI and CISA,” said Lee. “It needs to be very clean or no asset owner or operator will want to work with them — they view them as children.”Bolton added that any reauthorization of CISA 2015 has to include OT much more directly in the language — it’s currently not in the legislation. She also said it makes sense for the government to identify DHS/CISA as the lead agency for sharing information.“The confusion for industry in sharing info with the federal government remains a problem,” said Bolton. “We hear all the time from our ... member companies that I need to talk to TSA or FBI, and maybe the FBI will tell CISA. That can’t be assumed and so we need to make sure that language is clear in the legislation.”
Critical Infrastructure Security, Government Regulations, Incident Response
Sharing cybersecurity information a priority, House committee members say

(Defense Department)
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



