The Senate Commerce Committee last week unanimously approved a critical infrastructure cybersecurity bill that had been introduced earlier in July by committee Chairman Jay Rockefeller (D-W.Va.) and ranking Republican John Thune (R-S.D.).
S. 1353, the “Cybersecurity Act,” would grant the National Institute of Standards and Technology (NIST) formal authority to work with ISACs and sector coordinating councils to develop “a voluntary, industry-led set of standards, guidelines, best practices, methodologies, procedures, and processes to reduce cyber risks” to critical infrastructure, including major water systems. The bill would not give the government power to require implementation of the voluntary standards, though an amendment accepted during the markup calls for a study on the extent to which infrastructure operators adopt the standards, the rationale for their decisions and the success of the voluntary standards at protecting critical infrastructure against cyber threats.
Speaking during last week’s markup, Chairman Rockefeller said the bill “doesn’t do everything we need to do to improve our cybersecurity,” but said the measure represents “a good start.”
The full Senate is unlikely to consider S. 1353 on its own. Instead, Rockefeller and Thune said they hope the bill will be sent to the floor as part of a larger cybersecurity package that combines legislation produced from the various Senate committees with jurisdiction over the issue – assuming those other committees are able to approve their own cyber bills later this year.