H.R. 1833 would require the Cybersecurity and Infrastructure Security Agency (CISA) to identify and mitigate threats to systems that are used in the automated control of critical infrastructure processes (such as power generation and water treatment). The bill also would require CISA to brief the Congress on its capability to do so not later than six months after the bill’s enactment and every six months thereafter over the four-year period following enactment of the bill. In addition, the bill would require the Government Accountability Office to review and report on CISA’s practices for managing cybersecurity risks to industrial control systems.
