U.S. Advances 5 Bills to Improve Cyber Defenses of SLTT Governments and Critical Infrastructure Entities

In the wake of the SolarWinds supply chain attack, the ransomware attack on Colonial Pipeline, and President Biden’s cybersecurity executive order, the U.S. House Committee on Homeland Security has cleared five bipartisan bills that seek to address cybersecurity and improve the defenses of state, local, tribal, and territorial (SLTT) governments and critical infrastructure entities.

The cyberattack on Colonial Pipeline forced the company to shut down its 5,500-mile fuel pipeline that delivers 45% of the fuel required by the East Coast. In order to speed up recovery and minimize disruption, Colonial Pipeline’s CEO Joseph Blount authorized the payment of a $4.4 million ransom to the DarkSide ransomware gang; however, even though the ransom was paid, the fuel pipeline remained shut down for 5 days, causing major disruption to fuel supplies.

These attacks have highlighted major vulnerabilities in cybersecurity defenses which need to be addressed to improve national security.

The five bipartisan cybersecurity bills advanced this week are:

  • The Pipeline Security Act (H.R. 3243)
  • The State and Local Cybersecurity Improvement Act (H.R. 3138)
  • The Cybersecurity Vulnerability Remediation Act (H.R. 2980)
  • The CISA Cyber Exercise Act (H.R. 3223)
  • The Domains Critical to Homeland Security Act (H.R. 3264)

The Pipeline Security Act (H.R. 3243), introduced by Congressman Emanuel Cleaver (D-MO), had previously been introduced two years ago but failed to gain traction. The main purpose of the reintroduced bill is to codify the role of the Transportation Safety Administration (TSA) in securing the nation’s natural gas and oil infrastructure to guard pipeline systems against cyberattacks, terrorist attacks, and other threats.

The State and Local Cybersecurity Improvement Act (H.R. 3138), introduced by Congresswoman Yvette D. Clarke (D-NY), authorizes the creation of a new $500 million grant program that will provide funds to SLTT governments to help them secure their networks from ransomware and other types of cyberattacks.

The Cybersecurity Vulnerability Remediation Act (H.R. 2980), introduced by Congresswoman Sheila Jackson Lee (D-TX), gives the DHS’ Cybersecurity and Infrastructure Security Agency (CISA) the authority to assist critical infrastructure owners and operators in developing mitigation strategies to protect against known, critical vulnerabilities.

The CISA Cyber Exercise Act (H.R. 3223), introduced by Congresswoman Elissa Slotkin (D-MI), creates a National Cyber Exercise program within CISA that will ensure more frequent testing of preparedness and resilience to cyberattacks on critical infrastructure.

The Domains Critical to Homeland Security Act (H.R. 3264), introduced by Ranking Member John Katko (R-NY), gives the DHS the authority to conduct research and development into supply chain risks for critical domains of the United States economy, and send the results to Congress.

A further two bills were introduced that tackle non-cybersecurity issues – the DHS Blue Campaign Enhancement Act (H.R. 2795) and the DHS Medical Countermeasures Act (H.R. 3263) – which strengthen DHS’ human trafficking prevention efforts and DHS’ medical countermeasures following chemical, biological, radiological, nuclear, or explosive attacks, disease outbreaks and pandemics.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.