On Monday, the U.S. House Committee on Homeland Security has adopted five bills that are called to bolster the state’s cyber defense. The bills come in response to high-impact cyberattacks that hit U.S. organizations and critical infrastructure this year, including the ransomware attack that shut down the largest U.S. pipeline, Colonial Pipeline, and caused a widescale fuel shortage in multiple northeastern states.
Before it, SolarWinds supply-chain attack, largely believed to have been coordinated by the Russian Foreign Intelligence Service (SVR), compromised the networks of U.S. federal agencies and hundreds of private tech sector companies.
The five bipartisan bills introduced include:
- H.R. 2980, The “Cybersecurity Vulnerability Remediation Act” – authorizes CISA to assist with mitigation of the most critical, known vulnerabilities
- H.R. 3138, The “State and Local Cybersecurity Improvement Act” – establishes a new $500 million grant program to provide US governments with funding to secure their networks
- H.R. 3223, The “CISA Cyber Exercise Act” – launches a National Cyber Exercise program within CISA to promote more regular testing of preparedness to cyber attacks on critical infrastructure
- H.R. 3243, The “Pipeline Security Act” – enhances the ability of TSA, the pipeline security authority, to protect pipeline systems against cyberattacks
- H.R. 3264, The “Domains Critical to Homeland Security Act” – authorizes DHS to research supply chain risks within critical domains of the U.S. economy
The five bills are also designed to improve defenses of networks from cyber threats targeting critical security vulnerabilities. Examples of such threats are attacks against Microsoft Exchange Server and Pulse Connect Secure that took place earlier this year.
The Committee has conducted an extensive evaluation of these incidents and how the Federal government collaborates with other agencies to defend the critical networks.
“The legislation we reported today was the result of this [evaluation]. I am pleased that they received broad bipartisan support and hope they are considered on the House floor in short order,” said Chairman Bennie G. Thompson.
The bills also authorize the Cybersecurity and Infrastructure Security Agency (CISA) to help secure SLTT networks. CISA is also authorized to promote testing of cyber-attack preparedness.
“Other measures passed in today’s markup include bills to help State and Local governments protect their networks, provide critical infrastructure owners and operators with mitigation strategies against critical vulnerabilities, and establish a national cyber exercise program to promote more regular testing of preparedness and resilience to cyber attacks against critical infrastructure,” the Committee said in a press release.