I had a neat professional experience the other day. Research I conducted in collaboration with the INL was cited as a justification for proposed legislation: HR 7777 The Industrial Control Systems Cybersecurity Training Act.
Here’s the key quote from the House Committee Report:
Because those working in ICS cybersecurity must understand how technology impacts industrial operations, there are additional types of training required. According to a group of industrial cybersecurity experts convened by Idaho National Laboratory and Idaho State University, there are six industrial cybersecurity knowledge domains that are not included in traditional cybersecurity education: industrial operations, instrumentation and control, equipment, communications, safety, and regulation. Expanded Federal support for ICS cybersecurity training would ensure more workers have the necessary, specialized skills to protect ICS.
The report is citing the “Building an Industrial Cybersecurity Workforce: A Managers’ Guide“, published jointly by INL and ISU. I blogged about the document in December 2020. It is also embedded as an appendix to my doctoral thesis.
The bill, which essentially instructs the CISA to offer virtual and in-person training at no cost to participants, passed the House on June 22.
While I note that free ICS security training has been part of DHS, ICS-CERT and CISA’s offerings for nearly 20 years now, I am excited to see the idea that industrial cybersecurity is different gaining traction at a national level!