A bill introduced in the U.S. Senate would allow the Cybersecurity and Infrastructure Security Agency (CISA) to subpoena Internet Service Providers (ISPs) to offer information when necessary.
The bill gives CISA authority to detect, identify, and receive information only related to critical infrastructure systems for a cybersecurity purpose. The subpoenas would have to be authenticated by electronic signature, so the internet service provider knows it is coming and ensuring that it is not fraudulently generated.
The bill also would require an annual report to both Congress and the public with the number of cybersecurity vulnerabilities that have been mitigated and the number of entities warned.
“Every day, our adversaries target our critical infrastructure, including our electric grids, dams, and airports. And every day, CISA is made aware of vulnerabilities to these systems – some easily fixable – but is powerless to warn the potential victims,” Sen. Ron Johnson (R-WI), co-sponsor of the bill, said. “This legislation gives CISA the authority necessary to reach out and warn owners of critical infrastructure that they are open and vulnerable to cyberattacks before they become a victim. We ask Americans: if you see something, say something. With this legislation, we are empowering CISA to do the same.”
It was co-sponsored by Sen. Maggie Hassan (D-NH).
“An attack on critical infrastructure could have devastating consequences, from shutting down heating and cooling systems of hospitals to manipulating industrial controls of water treatment facilities to blacking out an entire city,” Hassan said. “CISA already has a system to identify cybersecurity vulnerabilities in critical infrastructure, and the bipartisan bill we are introducing today helps to ensure that if CISA finds a vulnerability, it has the tools and information it needs to reach out to the entity maintaining the system. Importantly, our bill is narrowly-tailored to protect the privacy rights of all entities, giving CISA only the bare minimum of information necessary.”