It has been reported that a newly introduced bipartisan bill would direct the Cybersecurity and Infrastructure Security Agency (CISA) to create a special cyber programme to test the nation’s critical infrastructure defences to thwart cyberattacks.
The Cyber Exercise Act would also require CISA to assist state and local governments and private industry to assess the safety and security of critical infrastructure.
The measure, which comes on the heels of the high profile, disabling Colonial Pipeline ransomware attack, amends the Homeland Security Act of 2002 that created the eponymous federal agency.
Specifically, the bill calls for the programme to:
- Evaluate the National Cyber Incident Response Plan and other related plans.
- Simulate the “partial or complete incapacitation” of a government entity or critical infrastructure network.
- Develop post incident action reports and plans that can incorporate lessons learned into future operations.
The programme will also include a set of model exercises that government or private industry can adapt for their particular needs.
Cybersecurity expert Trevor Morgan, Product Manager at comforte AG:
"The five bills passed by the US House Committee on Homeland Security to improve defensive capabilities against cyberattacks dramatically underscore the level of seriousness that both governments and enterprises need to adopt in the face of mounting cyber-threats. As leaks and breaches wreak havoc on infrastructures, supply chains, and even national security, we all need to understand that cybersecurity isn’t an arcane technical topic just for IT professionals to deal with – we each have a vested interest in keeping our own personal data, our employers’ and customers’ sensitive information, and our infrastructure-centred and national-security secrets safe from harm. It starts local with our own data-security-mindedness and then grows from there into a culture of data security in our businesses and governments. Any enterprise that isn’t heeding the US Government’s actions and reassessing their own data security strategy and posture – including investigating more data-centric methods which protect the data itself no matter where it goes or who intercepts it – is being remiss and will be in for a world of hurt if the unthinkable occurs. As ongoing incidents and these responses demonstrate, the unthinkable is quickly becoming the highly likely for organisations at all levels."
Read the latest issue of World Pipelines magazine for pipeline news, project stories, industry insight and technical articles.
The May issue of World Pipelines includes a regional report on Canada’s oil and gas sector, as well as technical articles on integrity management software, leak detection, NDT, and project case studies. Don’t miss our feature on young pipeliners, in which World Pipelines’ Senior Editor Elizabeth Corner interviews the winners of the John Tiratsoo Award for Young Achievement, awarded by Young Pipeliners International, in partnership with PPIM.
Read the article online at: https://www.worldpipelines.com/business-news/26052021/comforte-ag-comments-on-new-us-cyber-security-bill/