Skip to main content

Five New Bills Introduced to Secure Federal Critical Infrastructure

by Chris Brook on Wednesday May 19, 2021

Contact Us
Free Demo

Two weeks removed from the Colonial Pipeline incident, bipartisan House lawmakers introduced five different acts designed to better secure federal critical infrastructure from cyberattacks.

It was clear just five months ago, after the SolarWinds hack, that something on a federal level had to be done.

Now, just a week and some change after the Colonial Pipeline ransomware attack, an incident that it can be argued had much more palpable repercussions - including a short-lived fuel shortage – lawmakers have advanced five bills in hopes of better safeguarding federal entities from cyberattacks.

The U.S. House Committee on Homeland Security introduced the bills over the past several days, with many politicians pointing to the Colonial Pipeline attack and the nasty precedent its feared it could set when it comes to the severity of cyberattacks against U.S. critical infrastructure.

The five bills include the following:

The “Pipeline Security Act” (H.R. 3243)

This bill is designed to make it easier for the TSA, was put in charge of pipeline cybersecurity when it was formed, to safeguard pipeline systems against cyberattacks, terrorist attacks, and other threats.

The “State and Local Cybersecurity Improvement Act” (H.R. 3138)

The aim of this bill is to authorize a $500 million grant program to provide SLTT (state, local, tribal, and territorial) governments with money to better secure their networks from ransomware and other cyberattacks.

The “Cybersecurity Vulnerability Remediation Act” (H.R. 2980)

This bill would make it so CISA, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, would be authorized to assist critical infrastructure owners and operators with mitigation strategies against critical, known vulnerabilities.

The “CISA Cyber Exercise Act” (H.R. 3223)

Another bill that would empower CISA, this act would establish a National Cyber Exercise program inside CISA, something that lawmakers believe could translate to more regular testing and systemic assessments of preparedness and resilience to cyberattacks against critical infrastructure.

The “Domains Critical to Homeland Security Act” (H.R. 3264)

This bill would authorize DHS to conduct research and development into supply chain risks for critical domains of the U.S. economy and then, send the results to Congress.

Rep. Elissa Slotkin (D-Mich.) who introduced the CISA Cyber Exercise Act did so after sending a letter to major pipeline owners and operators in her state last week, urging them to make sure they have the appropriate security protocols in place following the Colonial Pipeline incident.

“The proactive shutdown of the pipeline, as a result of the attack, has led to one of the most significant cyber-driven disruptions of U.S. energy infrastructure in our history — and serves as a clear reminder of the importance of cybersecurity to our daily lives,” Slotkin wrote.

The five bills were part of a slate of bills passed by the Committee on Homeland Security; the above five, obviously, pertained to cybersecurity matters; the other two, the DHS Blue Campaign Enhancement Act, related to human trafficking prevention, the DHS Medical Countermeasures Act, related to forming a program to strengthen the United States' response to a pandemic.

The bills of course, come just a few short days after President Biden signed an executive order geared at strengthening the country's cybersecurity posture.

The executive order, long awaited, is designed to implement stronger cybersecurity standards across the government, establish an entity similar to the National Transportation Safety Board to review hacks after they happen, ensure that companies are sharing threat information with CISA and the FBI, and enhancing supply chain security, among other objectives.

Tags:  Government

Recommended Resources

The Definitive Guide to Data Loss Prevention
The Definitive Guide to Data Loss Prevention

All the essential information you need about DLP in one eBook.

6 Cybersecurity Thought Leaders on Data Protection
6 Cybersecurity Thought Leaders on Data Protection

Expert views on the challenges of today & tomorrow.

Digital Guardian Technical Overview
Digital Guardian Technical Overview

The details on our platform architecture, how it works, and your deployment options.