House advances cybersecurity bills in wake of pipeline company hack
Following a week filled with a devastating ransomware attack and a massive executive order to strengthen the federal government's networks, a House panel on Tuesday advanced several bills largely aimed at DHS and CISA.
The House Homeland Security Committee on Tuesday advanced multiple bills focused on bills focused on cybersecurity and pipeline security in the wake of the ransomware attack against Colonial Pipeline and the release of President Joe Biden's cybersecurity executive order.
Included in the tranche of bills passed by the committee is the "Pipeline Security Act" which codifies the Transportation Safety Administration's role in securing the country's natural gas and oil infrastructure. The bill, which has been previously introduced but failed to gain traction in past years, was re-introduced following the disruptive cyberattack on a key East Coast pipeline.
Sen. Maria Cantwell (D-Wash.), chairwoman of the Senate Committee on Commerce, Science and Transportation, sent a letter to Department of Homeland Security Secretary Alejandro Mayorkas following the incident highlighting issues with TSA's oversight of pipeline infrastructure. The Federal Energy Regulatory Commission, one of several entities Cantwell noted have "key roles" in the issue, has explicitly pushed lawmakers in the past to expand its own authorities over natural gas pipelines.
Colonial Pipeline's CEO Joseph Blount confirmed the company paid a $4.4 million ransom to Darkside following the compromise, according to multiple news reports. Blount defend his company's actions as being the "right thing to do" for the country, in an interview with the Wall Street Journal.
The House panel also passed the "State and Local Cybersecurity Improvement Act," introduced by Rep. Yvette Clarke (D-N.Y.), which would authorize a $500 million grant program to assist state, local, tribal and territorial governments harden their networks. That funding would be in addition to $650 million the Cybersecurity and Infrastructure Security Agency received through the American Rescue Plan Act, which CISA officials say will help them staff teams to assist local governments across the country.
The panel advanced bills to authorize CISA to assist critical infrastructure owners and operators with mitigation strategies as well as establish a "National Cyber Exercise" program within the agency to promote resiliency assessments of critical infrastructure against attacks.
A bill by committee ranking member Rep. John Katko (R-N.Y.) would permit DHS to research risks to the United States' supply chain. Two other bills, also passed on Tuesday, are aimed at strengthening DHS' human trafficking prevention efforts as well as the agency's medical countermeasures in the event of disaster.