Ms. CLARKE of New York. Mr. Speaker, I am proud today to introduce the ``Identifying Cybersecurity Risks to Critical Infrastructure Act of 2012'', a bill to assess the risks that networks controlling our critical infrastructure face from cyber attacks. I am also proud to have developed this legislation in collaboration with my colleague, the gentleman from California, and Chairman of the Committee on Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies, Representative LUNGREN.
Critical infrastructure, which can be found in all of our districts, powers our homes and keeps our water running. However, all too often, in the digital era, industrial control systems that operate much of this critical infrastructure are vulnerable to cyber attacks. A recent report by the Washington Post found that thousands of these control systems could be accessed directly through the Internet, leaving them open to exploitation by even ``moderately talented hackers''.
And according to Assistant to the President and Deputy National Security Adviser John Brennan, there have been over 200 known attempted or successful cyberintrusions against control systems that operate critical infrastructure in 2011 alone, which was a five-fold increase over 2010.
There has been an active debate this Congress on cybersecurity, and particularly how best to protect our critical infrastructure from crippling cyber attacks. But regardless of where you stand on the proper role for the Federal government in protecting critical infrastructure, I am sure we can all agree that the nature of the cyber threat to critical infrastructure, including vulnerabilities present in our critical infrastructure networks, need to be known so that critical infrastructure owners and operators can be empowered to bolster their cybersecurity and protect their systems.
Specifically, my bill directs the Secretary of Homeland Security to conduct risk assessments of critical infrastructure sectors to identify:
1. The threats to critical infrastructure from foreign intelligence services,
cybercriminals, and hacker groups;
2. The consequences that would result from a major cyber attack on critical infrastructure; and
3. The vulnerabilities in our critical infrastructure networks that could be exploited by hackers.
This bill would not only help our government understand the threat we face, it would benefit the critical infrastructure owners and operators protect their networks, giving them a fuller understanding of vulnerabilities in their systems.
It would not create any rules, regulations, or standards that private industry would need to comply with, and much of this language was first proposed by Committee Republicans, consistent with the recommendations of the House Republican cybersecurity task force.
This bill would take proactive steps to identify and assess cyber risks to help raise the level of cybersecurity protecting our Nation's critical infrastructure networks, without creating any burdensome regulations or bureaucracy. This issue is far too important, and the risk of cyber attack on our critical infrastructure is too grave, to let another Congress pass without taking action.
I urge my colleagues to cosponsor the ``Identifying Cybersecurity Risks to Critical Infrastructure Act of 2012'', and work with me to secure passage of this critical bipartisan homeland security legislation.