The Department of Homeland Security has asked lawmakers for subpoena authority to directly contact organizations vulnerable to hacking, rather than having to rely on outside parties to communicate with them. The move is an attempt to speed up the process by which DHS’s Cybersecurity and Infrastructure Security Agency interacts with critical infrastructure companies on the front lines of state-sponsored hacking threats.
For example, DHS officials say they have IP addresses of vulnerable systems in the private sector, but can’t obtain the contact information for equipment owners from internet service providers. To empower that, the department wants “administrative” subpoena authority, which would compel an ISP to turn over that information and allow them to contact those potential hacking victims directly. Industrial control systems, which underpin a number of critical infrastructure sectors, would be a key area of focus for the subpoena authority.