Five New Bills Introduced to Secure Federal Critical Infrastructure | Digital Guardian

by Chris Brook on Wednesday May 19, 2021

Two weeks removed from the Colonial Pipeline incident, bipartisan House lawmakers introduced five different acts designed to better secure federal critical infrastructure from cyberattacks.

It was clear just five months ago, after the SolarWinds hack, that something on a federal level had to be done.

Now, just a week and some change after the Colonial Pipeline ransomware attack, an incident that arguably had much more palpable repercussions, including a short-lived fuel shortage, lawmakers have advanced five bills in hopes of better safeguarding federal entities from cyberattacks.

The U.S. House Committee on Homeland Security introduced the bills over the past several days, with many politicians pointing to the Colonial Pipeline attack and the nasty precedent it's feared it could set when it comes to the severity of cyberattacks against U.S. critical infrastructure.

The five bills include the following:

The “Pipeline Security Act” (H.R. 3243)

This bill is designed to make it easier for the TSA, which was put in charge of pipeline cybersecurity when it was formed, to safeguard pipeline systems against cyberattacks, terrorist attacks, and other threats.

The “State and Local Cybersecurity Improvement Act” (H.R. 3138)

The aim of this bill is to authorize a $500 million grant program to provide SLTT (state, local, tribal, and territorial) governments with money to better secure their networks from ransomware and other cyberattacks.

The “Cybersecurity Vulnerability Remediation Act” (H.R. 2980)

This bill would authorize CISA, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, to assist critical infrastructure owners and operators with mitigation strategies against critical, known vulnerabilities.

The “CISA Cyber Exercise Act” (H.R. 3223)

Another bill that would empower CISA, this act would establish a National Cyber Exercise program inside CISA, something that lawmakers believe could translate to more regular testing and systemic assessments of preparedness and resilience to cyberattacks against critical infrastructure.

The “Domains Critical to Homeland Security Act” (H.R. 3264)

This bill would authorize DHS to conduct research and development into supply chain risks for critical domains of the U.S. economy and then send the results to Congress.

Rep. Elissa Slotkin (D-Mich.), who introduced the CISA Cyber Exercise Act, did so after sending a letter to major pipeline owners and operators in her state last week, urging them to make sure they have the appropriate security protocols in place following the Colonial Pipeline incident.

“The proactive shutdown of the pipeline, as a result of the attack, has led to one of the most significant cyber-driven disruptions of U.S. energy infrastructure in our history — and serves as a clear reminder of the importance of cybersecurity to our daily lives,” Slotkin wrote.

The five bills were part of a slate of bills passed by the Committee on Homeland Security. The above five, obviously, pertained to cybersecurity matters; the other two were the DHS Blue Campaign Enhancement Act, related to human trafficking prevention, and the DHS Medical Countermeasures Act, related to forming a program to strengthen the United States' response to a pandemic.

The bills, of course, come just a few short days after President Biden signed an executive order geared toward strengthening the country's cybersecurity posture.

The executive order, long awaited, is designed to implement stronger cybersecurity standards across the government, establish an entity similar to the National Transportation Safety Board to review hacks after they happen, ensure that companies are sharing threat information with CISA and the FBI, and enhance supply chain security, among other objectives.

Tags: Government

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.