Speaker News

CISA May Subpoena Vulnerable IP Addresses Under Proposed NDAA Amendment


CISA May Subpoena Vulnerable IP Addresses Under Proposed NDAA Amendment

Sen. Ron Johnson has added an amendment to the National Defense Authorization Act that would allow the Cybersecurity and Infrastructure Security Agency to subpoena internet service providers for information related to critical infrastructure vulnerabilities.

Through the amendment, CISA would be able to compel ISPs to reveal the system owner behind IP addresses when a critical infrastructure is showed to be vulnerable, MeriTalk reported Monday.

“This limited information would enable us to contact an entity subject to vulnerabilities, such as a power plant or hospital, to inform them of the potential risk and offer mitigation advice or assistance,” CISA Director Christopher Krebs, a two-time Wash100 winner, said in a past blog post. 

For the past years, CISA has been facing attacks on industrial control systems but been unable to alert the systems' owners because the agency cannot determine their identities, according to a Lawfare in December.

Current laws prohibit ISPs from sharing the identity of their customers with the federal government without a legal mechanism requiring it.

He called on the White House and Congress to support the legislation to close what he said is a critical gap in the United States' cybersecurity. 

According to Sen. Jim Inhofe, the Senate will finish considering the bill after its July recess. The Senate bill and a companion bill in the House of Representatives will both enter a reconciliation process.

Rep. Jim Langevin introduced similar legislation in the House of Representatives, but it was not included in the House Armed Services Committee Chairman's mark. The House NDAA advanced out of committee last week. 

Inhofe said it is "very likely" that the legislation would be passed until after November. 

Sign Up Now! Potomac Officers Club provides you with Daily Updates and News Briefings about Speaker News

Category: Speaker News

Tags: Christopher Krebs CISA critical infrastructure cybersecurity Cybersecurity and Infrastructure Security Agency Department of Homeland Security DHS internet service providers Jim Langevin MeriTalk Ron Johnson Senate Speaker News