Senators introduce legislation to protect critical infrastructure against attack

Senators introduce legislation to protect critical infrastructure against attack
© Greg Nash

Sens. Maggie HassanMargaret (Maggie) HassanOvernight Health Care: Biden announces 1M have enrolled in special ObamaCare sign-up period | Rand Paul clashes with Fauci over coronavirus origins | Biden vows to get 'more aggressive' on lifestyle benefits of vaccines Biden health official says COVID-19 vaccine booster shots will be free Sununu seen as top recruit in GOP bid to reclaim Senate MORE (D-N.H.) and Ben SasseBen SasseOvernight Energy: 5 takeaways from the Colonial Pipeline attack | Colonial aims to 'substantially' restore pipeline operations by end of week | Three questions about Biden's conservation goals Hillicon Valley: Colonial Pipeline attack underscores US energy's vulnerabilities | Biden leading 'whole-of-government' response to hack | Attorneys general urge Facebook to scrap Instagram for kids Utah county GOP censures Romney over Trump impeachment vote MORE (R-Neb.) on Friday introduced legislation intended to protect critical infrastructure from cyberattacks and other national security threats. 

The National Risk Management Act would require the Cybersecurity and Infrastructure Security Agency (CISA) to conduct a five-year national risk management cycle. This would involve CISA identifying and compiling the major risks to critical infrastructure in a report sent to the president and Congress, with the president then detailing to Congress how the administration was tackling these threats. 

Hassan emphasized the need to focus on emerging threats such as those from foreign hackers, which have escalated during the past year. 


“When a criminal shuts down a hospital system to get a ransomware payment or a foreign adversary hacks government agencies, we face grave threats to our national security and well-being,” Hassan, who serves as chair of the Senate Homeland Security’s subcommittee on Emerging Threats, said in a statement. 

Sasse, who is a member of the Senate Intelligence Committee, stressed in a separate statement the need to protect critical systems due to the changing nature of attacks. 

“The rules of war are being re-written,” Sasse said. “China and Russia are increasingly brazen in their use of cyber tools to get inside American critical infrastructure networks. These critical systems must be more resilient. It’s time to get serious about the future of war and how we protect the systems that allow our daily life to run smoothly.”

The legislation was rolled out after multiple cyberattacks on critical organizations and infrastructure.  

The SolarWinds attack, first discovered in December, involved Russian hackers compromising nine federal agencies and 100 private sector groups for months in one of the largest cyber espionage events in U.S. history. 


Recently uncovered vulnerabilities in Microsoft’s Exchange Server application and Ivanti’s Pulse Connect Secure products have been used by Chinese hackers to potentially compromise thousands of organizations. 

Critical infrastructure has also been threatened by hackers. A key industry official said earlier this month that the electricity sector had seen an “unprecedented” rise in attempted cyberattacks on the electric grid over the past year, while a hacker unsuccessfully attempted to poison the water supply in Oldsmar, Fla., earlier this year. 

Hassan has made federal cybersecurity a key priority, sponsoring legislation signed into law during the last Congress that helped to establish a cybersecurity coordinator in each state to combat threats, along with other legislation to strengthen cybersecurity at the Department of Homeland Security. 

“We must stay ahead of emerging threats to critical infrastructure, and I am glad to work across the aisle to help ensure that the administration and Congress are working together to make our critical infrastructure sectors more secure,” Hassan said.