Research Triangle Park, North Carolina, USA – The United States Congress earlier this week took an important step forward to better protect America from the increasing risks of industrial cyberattack when it approved The Cybersecurity Enhancement Act of 2014.
The bipartisan bill—which now goes to President Obama to be signed into law—is designed to strengthen and protect the nation’s economic and national security through public-private partnerships to improve cybersecurity and a greater reliance on cybersecurity standards; research and development; workforce development and education; and public awareness and preparedness.
Passage of the bill, which was sponsored by Senate Commerce, Science, and Transportation Committee Chairman John D. (Jay) Rockefeller IV (D-WV) and Ranking Member John Thune (R-SD), follows years of efforts to pass federal cybersecurity legislation. An earlier cybersecurity bill, The Cybersecurity Act of 2012, was defeated in the Senate. Its demise prompted President Obama to instruct the National Institute of Standards and Technology (NIST) to develop the US Cybersecurity Framework, which was introduced in February of this year.
As a leading authority on industrial automation control systems (IACS) security standards and the “Voice of Automation,” the Automation Federation and its founding association, the International Society of Automation (ISA), have worked closely for years with lawmakers in Washington—Senator Rockefeller, in particular—to build support for the passage of federal cybersecurity legislation.
At the federal government’s request, representatives of both the Automation Federation and ISA served as expert consultants to NIST as it coordinated the development of the US Cybersecurity Framework. In fact, long before the President called for a federal initiative on cybersecurity, Automation Federation and ISA leaders had been consulting with White House National Security Staff, US federal agency officials, and members of Congress on the critical need to establish national cybersecurity standards, guidelines and compliance testing.
IACS security standards developed by ISA (ISA99/IEC 62443) are integral components of the federal government’s plans to combat cyberattack because they’re designed to prevent and offset potentially devastating cyber damage to industrial plant systems and networks—commonly used in transportation grids, power plants, water treatment facilities, and other vital industrial settings.
“The passage of this bill represents great progress toward better preparing government and private industry to meet the significant challenges and reduce the serious risks of industrial cyberattack,” says Michael Marlowe, Managing Director and Director of Government Relations at the Automation Federation. “We know that safeguarding America and the world from cyberattack will require a comprehensive, multi-faceted effort—implementing standards that can prevent and mitigate security vulnerabilities; educating and training a skilled cybersecurity workforce; facilitating greater public-private collaboration; and pursuing ongoing research, development and awareness initiatives.”
Marlowe said the Automation Federation is already in discussions with NIST officials about how to implement the key provisions of The Cybersecurity Enhancement Act of 2014 once it officially becomes law.
The Cybersecurity Enhancement Act of 2014:
- Authorizes NIST to facilitate and support the development of voluntary, industry-led cyber standards and best practices for critical infrastructure—drawing on many of the key recommendations outlined in the US Cybersecurity Framework.
- Strengthens cyber research and development by building on existing research and development programs, and ensuring better coordination across the federal government.
- Improves the cyber workforce and cyber education by ensuring that the next generation of cyber experts is trained and prepared for the future.
- Increases the public’s awareness of cyber risks and cybersecurity.
- Advances cybersecurity technical standards.
“The bill and its language regarding the public-private sector partnerships using existing standards within the NIST Framework is a great testament to the hard work of the Automation Federation, the Automation Federation Government Relations Committee members and the ISA-99 Security Standards Committee members,” says Steve Huffman, Chair of the Automation Federation’s Government Relations Committee and an ISA99 Security Standards Committee member. “Cybersecurity of industrial automation and control systems from the OT (operational technology) side was not a prominent issue in initial legislative discussions. By raising its importance among lawmakers, industrial cybersecurity became a more vital part of the legislation passed by Congress.
“The Automation Federation and its representatives,” Huffman emphasizes, “share with Senators Rockefeller and Thune great excitement over the passage of this bill and a vision of a safer cyber world and a workforce prepared to meet the challenges of the future.”