US introduces bills to secure critical infrastructure from cyber attacks

The U.S. House Committee on Homeland Security has passed five bipartisan bills on Monday to bolster defense capabilities against cyber attacks targeting U.S. organizations and critical infrastructure.

These bills were introduced as a direct result of the Homeland Security Committee's oversight of recent cyber attacks, including the ransomware attack that forced Colonial Pipeline to shut down the largest U.S. pipeline.

While Colonial Pipeline reportedly paid a $5 million ransom, this didn't stop a widescale fuel shortage that impacted multiple northeastern states.

Another incident that prompted these bills is the SolarWinds supply-chain attack that provided Russian Foreign Intelligence Service (SVR) hackers with access to the networks of U.S. federal agencies and private tech sector companies.

The five bipartisan bills are also designed to make it easier to defend networks from cyber attacks using critical security vulnerabilities such as those abused in campaigns targeting vulnerable Microsoft Exchange Server and Pulse Connect Secure devices earlier this year.

Since the beginning of this Congress, this Committee has engaged in extensive oversight of these events and how the Federal government partners with others to defend our networks. The legislation we reported today was the result of this oversight. I am pleased that they received broad bipartisan support and hope they are considered on the House floor in short order. — Chairman Bennie G. Thompson

Besides legislation to enhance US pipeline security, the bills also authorize the Cybersecurity and Infrastructure Security Agency (CISA) to help secure SLTT networks and promote regular testing of cyber attack preparedness.

"Other measures passed in today’s markup include bills to help State and Local governments protect their networks, provide critical infrastructure owners and operators with mitigation strategies against critical vulnerabilities, and establish a national cyber exercise program to promote more regular testing of preparedness and resilience to cyber attacks against critical infrastructure," the Committee said in a press release.

The five bipartisan bills introduced in House on Monday include:

H.R. 2980, The “Cybersecurity Vulnerability Remediation Act” - authorizes CISA to assist critical infrastructure owners and operators with mitigation strategies against the most critical, known vulnerabilities, H.R. 3138, The “State and Local Cybersecurity Improvement Act” - seeks to authorize a new $500 million grant program to provide State and local, Tribal, and Territorial governments with dedicated funding to secure their networks from ransomware and other cyber attacks. H.R. 3223, The “CISA Cyber Exercise Act” - establishes a National Cyber Exercise program within CISA to promote more regular testing and systemic assessments of preparedness and resilience to cyber attacks against critical infrastructure. H.R. 3243, The “Pipeline Security Act” - enhances the ability of TSA—the principal Federal entity responsible for pipeline security—to guard pipeline systems against cyberattacks, terrorist attacks, and other threats. This measure codifies TSA’s Pipeline Security Section and clarifies TSA’s statutory mandate to protect pipeline infrastructure. H.R. 3264, The “Domains Critical to Homeland Security Act” - authorizes DHS to conduct research and development into supply chain risks for critical domains of the United States economy and transmit the results to Congress.