In the aftermath of the ransomware attack on Colonial Pipeline, SolarWinds Supply chain attack, and the cybersecurity executive order of President Biden, the U.S. House Committee on Homeland Security has approved five bipartisan bills that strive to deal with cybersecurity and enhance the protection of critical infrastructure entities and state, local, tribal, and territorial (SLTT) governments.
The cyberattack on Colonial Pipeline compelled the firm to close its 5,500-mile fuel pipeline that provides 45% of the fuel needed in the East Coast. So as to accelerate recovery and lessen disruption, CEO Joseph Blount of Colonial Pipeline approved the ransom payment of $4.4 million to the DarkSide ransomware gang; but, despite paying the ransom, the fuel pipeline continued to be closed for 5 days, resulting in serious disruption to energy supplies.
These cyberattacks have underlined key vulnerabilities in cybersecurity defenses that must be dealt with to strengthen national security.
This week, the five bipartisan cybersecurity bills approved are the following:
1. The Pipeline Security Act (H.R. 3243), presented by Congressman Emanuel Cleaver (D-MO), was introduced two years ago however was unable to obtain traction. The primary objective of the reintroduced bill is to set out the function of the Transportation Safety Administration (TSA) in protecting the country’s natural gas and oil infrastructure to shield pipeline systems against threats including cyberattacks, and terrorist attacks.
2. The State and Local Cybersecurity Improvement Act (H.R. 3138), presented by Congresswoman Yvette D. Clarke (D-NY), allows the making of a new $500 million grant program to give finances to SLTT governments to assist them in securing their systems from ransomware and other forms of cyberattacks.
3. The Cybersecurity Vulnerability Remediation Act (H.R. 2980), presented by Congresswoman Sheila Jackson Lee (D-TX), provides the DHS’ Cybersecurity and Infrastructure Security (CISA) Agency the power to help critical infrastructure owners and operators in creating mitigation tactics to safeguard against identified, critical vulnerabilities.
4. The CISA Cyber Exercise Act (H.R. 3223), presented by Congresswoman Elissa Slotkin (D-MI), establishes a National Cyber Exercise program under CISA that is going to make sure regular testing of readiness and strength to cyberattacks on critical infrastructure.
5. The Domains Critical to Homeland Security Act (H.R. 3264), presented by Ranking Member John Katko (R-NY), provides the DHS the power to perform research and development on supply chain risks for critical domains of the U.S. economy, and give the findings to Congress.
There were two more bills presented that deal with non-cybersecurity problems – the DHS Blue Campaign Enhancement Act (H.R. 2795) and the DHS Medical Countermeasures Act” (H.R. 3263). Both reinforce DHS’s human trafficking reduction initiatives and DHS’s medical countermeasures in the event of biological, chemical, radiological, nuclear, or explosive attacks, pandemics, and disease outbreaks.