A bill that would grant subpoena authority to the Cybersecurity and Infrastructure Security Agency (CISA) in certain cases was approved by the House Committee on Homeland Security Wednesday.
The Cybersecurity Vulnerability Identification and Notification Act (H.R. 5680), introduced by Rep. Jim Langevin (D-RI), would address instances in which CISA identifies a vulnerable system but is limited in its response because it cannot identify and engage with the system’s owner. Under current policy, telecommunications companies are prohibited under the Electronic Communications Privacy Act from disclosing it to the U.S. government, absent a legal process.
“The Internet was not created with security in mind, and in a world that is more interconnected each day through technology, critical systems used to deliver essentials like water and power are at risk of being compromised,” Langevin said. “This legislation is based on a simple premise we’ve all become familiar with: if you see something, say something. We are taking a proactive step that gives CISA the ability to say something when they see something.”
Langevin said the CISA director would only be able to issue a subpoena when the agency knows of a specific cybersecurity risk but is unable to determine who the entity is. Further, the subpoena authority only applies to basic categories of subscriber information such as name, address, and telephone number. The data can only be used for notification about a risk, not for surveillance or investigation purposes.
“While CISA analysts work diligently to monitor and uncover risks, current policy impedes them in their efforts to warn at-risk critical infrastructure operators,” Langevin added. “There have been numerous instances where CISA has not been able to identify the owner of a vulnerable system and warn them of their exposure.”
The bill is co-sponsored by Reps. John Katko (R-NY), Bennie Thompson (D-MS), Cedric Richmond (D-LA), Sheila Jackson Lee (D-TX) and John Ratcliffe (R-TX). It now moves to the full House for consideration.
A similar bill was introduced in the Senate by Sens. Ron Johnson (R-WI) and Maggie Hassan (D-NH).
The ByteDance-owned TikTok faces an uphill battle in the United States after President Joe Biden…
Promising to grow space for integrating and delivering on critical defense programs by more than…
In unsealing a 13-page indictment this week, the U.S. Department of Justice (DOJ) revealed charges…
A bill targeting the illicit fentanyl supply chain, the Fentanyl Eradication and Narcotics Deterrence (FEND)…
In order to move the state closer to federal standards and allow reporting of local…
For the next round of participants in a pilot program to Accelerate the Procurement and…
This website uses cookies.