Rep. Jim Langevin, D-R.I., said he is eyeing a universe of about 100 private sector firms that he considers to be “systemically important” critical infrastructure providers as he completes work on legislation that will call for closer collaboration between the Federal government and those companies on cybersecurity and related intelligence sharing.
The congressman – a leading policy voice in the House on cybersecurity issues and a member of the influential Cyberspace Solarium Commission – has talked since last year about the need for closer cooperation on security between the government and the largest U.S. critical infrastructure providers.
Along with that, he has talked up a related Solarium-driven idea to create a “joint collaborative environment” between those infrastructure providers and the government to work more closely on analyzing cyber threats and risks and understanding malware forensics. That environment, he said at a Feb. 2 event organized by Axios, would most likely be housed within the Cybersecurity and Infrastructure Security Agency (CISA).
Legislation that tracks with the thrust of those ideas was introduced last year in both the House and the Senate.
New Legislation Coming Soon
Rep. Langevin said at the Axios event that he plans to introduce his own legislation “very soon” that would create what he described as a new “social contract” between the government and the systemically important infrastructure providers. The coming legislation, he said, would include “requirements and benefits” for entities that qualify as systemically important.
The congressman did not identify any of those proposed systemically important critical infrastructure providers by name but did say they would number about 100, “give or take,” and include financial institutions, natural gas providers, and electric utilities.
In addition to being outsized providers of critical services, Rep. Langevin noted they are also big enough to be able to “operationally collaborate with the Federal government” to defend networks. Smaller companies, he said, would have fewer resources available to do so. “It’s better we start with the larger companies and then work down from there,” he said.
“The issue of what we call systemically important critical infrastructure is focused on those companies that are that are so large and so important to the national or economic security of the United States that if they went down, it wouldn’t be just the company having a bad day, but the entire country having a bad day,” Rep. Langevin said. “Think of a whole sector of the country’s electric grid going down, just by way of example, that’s the ballpark of what we’re talking about.”
“We want to create a closer collaborative relationship with those companies that give broader actionable intelligence sharing, as well as have the companies be able to give context to what, maybe, the intel community is seeing,” he said.
“The number of those companies is very small, but the impact would be would be large,” the congressman said.