Sens. Maggie Hassan (D-N.H.) and Ben Sasse (R-Neb.) on Friday introduced legislation intended to protect critical infrastructure from cyberattacks and other national security threats.
The National Risk Management Act would require the Cybersecurity and Infrastructure Security Agency (CISA) to conduct a five-year national risk management cycle. This would involve CISA identifying and compiling the major risks to critical infrastructure in a report sent to the president and Congress, with the president then detailing to Congress how the administration was tackling these threats.
Hassan emphasized the need to focus on emerging threats such as those from foreign hackers, which have escalated during the past year.
“When a criminal shuts down a hospital system to get a ransomware payment or a foreign adversary hacks government agencies, we face grave threats to our national security and well-being,” Hassan, who serves as chair of the Senate Homeland Security’s subcommittee on Emerging Threats, said in a statement.
Sasse, who is a member of the Senate Intelligence Committee, stressed in a separate statement the need to protect critical systems due to the changing nature of attacks.
“The rules of war are being re-written,” Sasse said. “China and Russia are increasingly brazen in their use of cyber tools to get inside American critical infrastructure networks. These critical systems must be more resilient. It’s time to get serious about the future of war and how we protect the systems that allow our daily life to run smoothly.”
The legislation was rolled out after multiple cyberattacks on critical organizations and infrastructure.
The SolarWinds attack, first discovered in December, involved Russian hackers compromising nine federal agencies and 100 private sector groups for months in one of the largest cyber espionage events in U.S. history.
Recently uncovered vulnerabilities in Microsoft’s Exchange Server application and Ivanti’s Pulse Connect Secure products have been used by Chinese hackers to potentially compromise thousands of organizations.
Critical infrastructure has also been threatened by hackers. A key industry official said earlier this month that the electricity sector had seen an “unprecedented” rise in attempted cyberattacks on the electric grid over the past year, while a hacker unsuccessfully attempted to poison the water supply in Oldsmar, Fla., earlier this year.
Hassan has made federal cybersecurity a key priority, sponsoring legislation signed into law during the last Congress that helped to establish a cybersecurity coordinator in each state to combat threats, along with other legislation to strengthen cybersecurity at the Department of Homeland Security.
“We must stay ahead of emerging threats to critical infrastructure, and I am glad to work across the aisle to help ensure that the administration and Congress are working together to make our critical infrastructure sectors more secure,” Hassan said.