Legislation to secure critical systems against cyberattacks moves forward in the House

Multiple bills meant to secure critical infrastructure against cyber threats were approved by the House Homeland Security Committee on Tuesday afternoon, just a week after a ransomware attack on the Colonial Pipeline caused fuel shortages across the nation. 

The committee unanimously approved the Pipeline Security Act, introduced last week by Rep. Emanuel Cleaver (D-Mo.) and a dozen other bipartisan cosponsors, which would boost pipeline security efforts at both the Transportation Security Administration (TSA) and the Cybersecurity and Infrastructure Security Agency (CISA).

Additionally, the committee approved legislation, spearheaded by Rep. Elissa Slotkin (D-Mich.) requiring CISA to establish a National Cyber Exercise Program to test critical infrastructure readiness against cyberattacks.

The State and Local Cybersecurity Act, a major bipartisan effort to help defend against cyber attacks sponsored primarily by Rep. Yvette Clarke (D-N.Y.), chair of the committee’s cybersecurity subcommittee, was also unanimously approved. The legislation would provide $500 million annually for five years to state and local governments to address increasing cyber threats.

Finally, the committee also approved legislation sponsored primarily by Rep. Sheila Jackson Lee (D-Texas) to help improve the reporting of cybersecurity vulnerabilities. The legislation was previously approved by the House in 2019, but was never taken up by the Senate. 

Jackson Lee testified Tuesday of the need for the legislation following reports that Colonial Pipeline paid the cyber criminals behind the ransomware attack around $5 million to regain access to its networks and begin operations after temporarily shutting down. The company has not publicly confirmed that it paid the ransom, but it has not denied reports. 

“When Colonial Pipeline was asked by the White House to respond about whether they paid ransom, it was a slow, slow response, almost attempting to hide from the government what they had done,” Jackson Lee noted. 

The leaders of the House Homeland Security Committee on Tuesday underlined the need to move the legislation quickly, particularly following escalating cyberattacks in recent months such as the SolarWinds hack and the recent ransomware attack that forced the temporary shut down of the Colonial Pipeline. 

“Just over 10 days ago, a ransomware attack against one of the nation’s largest pipeline companies has brought a new urgency to our work,” Committee Chairman Bennie Thompson (D-Miss.) said during the markup on Tuesday. “Since the beginning of this Congress, this committee has engaged in extensive oversight of these events and how the Federal government partners with others to defend our networks. Today, we are considering measures resulting from that oversight.”

Ranking member John Katko (R-N.Y.) also expressed his support for the measures.

“As many Americans witnessed just last week, cyber attacks have the potential to disrupt our daily lives and impact our economic and national security,” Katko said. “The committee’s passage of several cyber-focused bills represents critical progress toward improving our cyber resilience and making sure our country is better prepared to mitigate attacks like this in the future.

All four bills are next headed to the House floor for a vote. While timing on when the House will consider the measures is unclear, a spokesperson for Thompson told The Hill that they may be brought up in June.