House passes host of bills to strengthen cybersecurity in wake of attacks

The House on Tuesday approved five bipartisan measures designed to enhance various aspects of the nation’s cybersecurity following recent major cyberattacks. 

The cyber-related package passed in a 319-105 vote. It included measures to fund cybersecurity at the state and local level, bolster reporting requirements and test critical infrastructure.

One bill, the State and Local Cybersecurity Act, would establish a grant program to provide $500 million annually to state and local governments over the next five years for cybersecurity needs. Rep. Yvette Clarke (D-N.Y.), chair of the House Homeland Security Committee’s cyber panel, is the lead sponsor of that bill.

Also included in the package was the Cybersecurity Vulnerability Remediation Act, which would improve the reporting of cybersecurity vulnerabilities. The bill, primarily sponsored by Rep. Sheila Jackson-Lee (D-Texas), was previously passed by the House in 2019, but failed to get a vote in the Senate. 

A third bipartisan bill, sponsored by Rep. Elissa Slotkin (D-Mich.), would require the Cybersecurity and Infrastructure Security Agency (CISA), an agency within the Department of Homeland Security (DHS), to establish a program to test critical infrastructure readiness against cyberattacks.

Another bill previously approved by the House in the last Congress was also passed Tuesday. The bipartisan Cyber Sense Act, spearheaded by Reps. Bob Latta (R-Ohio) and Jerry McNerney (D-Calif.), would require the secretary of Energy to establish a program to test the cybersecurity of products intended to be used in the bulk power system.

House Homeland Security Committee Chairman John Katko (R-N.Y.), sponsor of the final bill passed Tuesday — the DHS Industrial Control Systems Capabilities Enhancement Act — applauded the chamber’s efforts to prioritize cybersecurity. This bill would enhance partnership between CISA and cyber stakeholders to strengthen critical systems. 

“As I’ve said from day one, we must continue bolstering CISA’s authorities to defend our federal networks and the nation’s critical infrastructure from cyber threats,” Katko said in a statement. “Already this year, the nation has confronted numerous major attempts to compromise federal and private sector networks.”

All of the bills were approved on the heels of mounting cyberattacks by foreign adversaries and cyber criminals against critical U.S. organizations, including the ransomware attacks by Russian-linked cyber criminal groups on Colonial Pipeline and meat producer JBS USA. 

The passage of the five measures on Tuesday came the day after the House unanimously passed two other pieces of legislation intended to secure the energy sector against cyberattacks, both previously approved by the House Energy and Commerce Committee.

The Energy Emergency Leadership Act, primarily sponsored by Rep. Bobby Rush (D-Ill.), would enhance the leadership at DHS to address cyber threats, while the Enhancing Grid Security Through Public-Private Partnerships Act, also sponsored by McNerney and Latta, would create a program to enhance cyber and physical electric grid security. 

Both pieces of legislation were previously approved by the House last year. The Senate Energy and Natural Resources Committee included the Cyber Sense Act and the Enhancing Grid Security bill in its massive energy package, approved last week, that is expected to be part of a bipartisan infrastructure framework.

“The Colonial Pipeline ransomware attack was painful proof that bad actors are increasingly focused on exploiting and attacking our nation’s most critical infrastructure,” House Energy and Commerce Committee Chairman Frank Pallone (D-N.J.) and Rush said in a joint statement Tuesday following the passage of the energy sector bills.

“It’s absolutely crucial that we keep pace with the tools and resources necessary to both stop and mitigate fallout from these cyberattacks, and thankfully, today the House voted to do just that,” they added.

The legislation advanced Tuesday also drew praise from outsider observers, with former CISA Director Christopher Krebs tweeting his support for the CISA-linked legislation.

“Great to see these bi-partisan @CISAgov-enabling bills clear the House today, including boosting state/local cyber grants, expanding cyber exercises, and codifying the Agency as the front door for industrial control systems cybersecurity work,” Krebs tweeted. “On to the Senate!”