The House Homeland Security Committee voted May 18 to advance five bills that would look to improve the nation’s cybersecurity in several areas, including protecting pipeline infrastructure, testing cybersecurity readiness, and improving state and local cybersecurity, among others.
The bills to advance out of committee included the Pipeline Security Act, the CISA (Cybersecurity and Infrastructure Security Agency) Cyber Exercise Act, and the State and Local Cybersecurity Improvement Act. Also advanced out of committee were the Cybersecurity Vulnerability Remediation Act, introduced by Rep. Sheila Jackson Lee, D-Tex., and the Domains Critical to Homeland Security Act, introduced by Rep. John Katko, R-N.Y., the ranking member on the committee.
“Since the beginning of this Congress, this Committee has engaged in extensive oversight of these events and how the Federal government partners with others to defend our networks,” Chairman Bennie Thompson, D-Miss., said in a release. “The legislation we reported today was the result of this oversight. I am pleased that they received broad bipartisan support and hope they are considered on the House floor in short order.”
The Pipeline Security Act was reintroduced by Rep. Emmanuel Cleaver, D-Mo. just a day before advancing out of committee, with the Colonial Pipeline ransomware attack still top of mind. If passed, it will codify CISA and the Transportation Security Agency’s responsibilities in protecting pipelines from cyberattacks and terrorist attacks.
“The Colonial Pipeline ransomware attack that shut down one [of] our nation’s largest pipelines and triggered fuel shortages across the northeast has brought new urgency to our work to protect the country’s critical infrastructure. This attack also follows a string of disturbing cyberattacks against government entities and the private sector,” Thompson said.
The CISA Cyber Exercise Act would authorize and require CISA to establish a National Cyber Exercise Program responsible for testing the nation’s cyber readiness. The bill was introduced by Elissa Slotkin, D-Mich., and would direct the agency to create a set of exercises that states, local governments, and private sector businesses could use to test their cyber readiness.
State and local governments get a win with the advancement of the State and Local Cybersecurity Improvement Act. The bill was reintroduced by Rep. Yvette Clarke, D-N.Y., on May 12, and a similar version passed in the House in the last Congress. The bill would direct the Department of Homeland Security (DHS) to create a $500 million-per-year grant program to incentivize state and local governments to work to improve their cybersecurity.
The committee also advanced two bills aimed at protecting critical infrastructure and the supply chain after a recent spate of cyberattacks exposed vulnerabilities in the cybersecurity of each.
Rep. Lee’s Cybersecurity Vulnerability Remediation Act would authorize CISA to work with the owners and operators of critical infrastructure on mitigation strategies around known and critical vulnerabilities. Rep. Katko’s Domains Critical to Homeland Security Act would direct DHS to do research and development around supply chain risks in domains that are critical to the nation’s economy. It would then be required to submit that report to Congress.
The next step for all these bills is a vote on the full House floor.