Key House leader to press for inclusion of cybersecurity in infrastructure bill

Rep. Yvette Clarke (D-N.Y.), the chair of a key cyber House panel, said Wednesday that she would push for inclusion of language on securing critical systems as part of negotiations around President’s Biden’s infrastructure proposal.

“I believe the administration’s infrastructure package, the American Jobs Plan, is an opportunity to ensure that security is integrated, or baked into, critical infrastructure projects at the beginning, and not tacked on at the end or patched up along the way,” Clarke, the chair of the House Homeland Security Committee’s cybersecurity subcommittee, said during a virtual event hosted by the Cybersecurity Coalition.

The proposed $2.25 trillion infrastructure package, rolled out last week, did not include any language specifically around securing the electric grid or other critical infrastructure against increasing cyber threats, raising concerns among some experts. 

Clarke, who told The Hill earlier this year that bolstering critical systems in any infrastructure package would be a priority for her, said Wednesday that she was “committed to working with stakeholders to find opportunities to ensure that critical infrastructure is resilient to the cyber threats we face.”

State and local governments have seen critical systems increasingly disrupted by cyberattacks during the COVID-19 pandemic, and often do not have the resources necessary to fully confront the threats. 

Clarke said she planned to reintroduce bipartisan legislation passed by the House during the last Congress that would provide $500 million in grant funds to state and local government to help defend against malicious hackers. The bill did not get a vote in the Senate. 

“Improving the baseline of our cybersecurity posture across infrastructure sectors is crucial to ensuring the continuity of operations, of effective industry, and the freeing of cyber talent to defend against more sophisticated threats,” Clarke said Wednesday. “Toward that end, in the coming weeks, I will introduce the State and Local Cybersecurity Improvement Act.”

While the White House may not have included specific cybersecurity measures in the infrastructure proposal, there is a separate effort ongoing by the Biden administration to secure critical systems. 

A spokesperson for the National Security Council told The Hill last week that the administration “is committed to safeguarding the cybersecurity of U.S. critical infrastructure from persistent and sophisticated threats” and has “launched a 100 Day Control Systems cybersecurity initiative, working closely with the private sector that manages much of this critical infrastructure like those for electricity and water, to improve cybersecurity.”

Jeff Greene, the director of the National Cybersecurity Centre for Excellence at the Commerce Department who was recently detailed to the National Security Council, said during the same event Wednesday that more was to come on protecting critical infrastructure. 

“We are working on a plan for cybersecurity in the critical infrastructure sector that is, pieces of it are hopefully going to be rolled out relatively soon,” Greene said. “Just because you aren’t seeing that necessarily mentioned in Column A doesn’t mean we aren’t working on it pretty aggressively in Column B.”

“Again, it’s not fully out there yet, but we are actively working on that issue with the program that we hope to roll out pretty soon to try to hit the things we can think can make the biggest impact the quickest,” he added.