Lawmakers introduce bill to protect critical infrastructure against cyberattacks

Rep. Elissa Slotkin (D-Mich.) and other bipartisan House lawmakers on Friday introduced legislation designed to protect critical systems against cyberattacks, a week after a ransomware attack on the Colonial Pipeline significantly disrupted the fuel supply for portions of the country.

The Cybersecurity and Infrastructure Security Agency (CISA) Cyber Exercise Act would require CISA, which is the nation’s key cyber risk agency, to establish a National Cyber Exercise Program to test critical infrastructure readiness against cyberattacks.

The legislation would also require CISA to help state and local governments, along with private industry, design and implement plans to evaluate the safety and security of critical infrastructure.

Co-sponsors of the legislation include Rep. Mike Gallagher (R-Wis.), Rep. Jim Langevin (D-R.I.), the chairman of the House Armed Services Committee cyber subcommittee, and Rep. Andrew Garbarino (R-N.Y.), the ranking member of the House Homeland Security Committee cyber subcommittee. 

The bill was introduced in the wake of the ransomware attack on the Colonial Pipeline, which temporarily disrupted 45 percent of the East Coast’s fuel supply this week after the company chose to shut down the pipeline to protect operational controls. 

Slotkin sent a letter to major pipeline owners and operators in Michigan earlier this week in an effort to urge them to strengthen their cybersecurity protocols in the wake of the attack.

She pointed to the Colonial Pipeline incident on Friday in underlining the need for the new legislation.

“Cyber attacks like the ones launched against the Colonial Pipeline have the potential to devastate our economy and our way of life,” Slotkin said in a statement. “Even if the intent behind an attack is only to steal money or hold data for ransom, the broader consequences can be enormous for our national and economic security, as we’ve seen from public panic and subsequent gas shortages in a number of states on the East Coast this week.”

“This week’s events have clearly shown that cybersecurity is no longer just a ‘tech’ issue — it’s at the very heart of protecting the systems that power our daily lives as Americans,” she added. “We have to make sure the federal government is working hand-in-glove with state and local authorities and private industry to deter these attacks and minimize their impact.”

The legislation was introduced two days after President Biden signed an executive order aimed at strengthening federal cybersecurity after both the Colonial Pipeline attack and several other significant cyber incidents, such as the SolarWinds hack, which compromised nine federal agencies last year.

Slotin noted Friday that the legislation paired with the executive order could help put the nation on a stronger path in defending against malicious hackers. 

“The President’s Executive Order this week is an important step in the right direction for federal cybersecurity, and now Congress has to step up to the plate and address these emerging threats, as well,” she said.