Lawmakers roll out legislation to defend pipelines against cyber threats
A bipartisan group of more than a dozen House lawmakers have reintroduced legislation to defend pipelines against cyberattacks, with the bill coming on the heels of the devastating ransomware attack that forced the shutdown of Colonial Pipeline.
The Pipeline Security Act would codify the responsibility of both the Transportation Security Administration (TSA) and the Cybersecurity and Infrastructure Security Agency’s (CISA) responsibility for securing pipelines against threats. The effort is being led by Rep. Emanuel Cleaver (D-Mo.).
It would also require TSA to update pipeline security guidelines and conduct risk assessments, create a personnel strategy for staffing its Pipeline Security Section and improve congressional oversight of TSA’s pipeline efforts.
The legislation was previously introduced by Cleaver in 2019, but it failed to get a vote in the House.
It is being rolled out again a week after the Colonial Pipeline, which provides 45 percent of the East Coast’s fuel supply, shut down operations to protect operational controls against a ransomware attack on its IT system, causing gas shortages in multiple states.
The pipeline resumed operations earlier this week after Colonial paid the hackers — who President Biden said were based in Russia — the equivalent of almost $5 million to regain access to its networks.
“It’s become clear that cyber-attacks on our critical infrastructure are national security and economic threats to the homeland,” Cleaver said in a statement Friday. “The recent ransomware attack on the Colonial Pipeline, which caused the shutdown of thousands of miles of gas pipeline along the East Coast, was just the latest example of why Congress must act swiftly to harden our critical infrastructure and bolster our cybersecurity capabilities.”
The bill is co-sponsored by multiple other lawmakers on both sides of the aisle, including House Homeland Security Committee Chairman Bennie Thompson (D-Miss.) and ranking member John Katko (R-N.Y.).
Thompson said in a statement Friday that the legislation would help ensure the federal response to cyber threats against pipelines is “rapid, clear, and consistent.”
“Both physical and cybersecurity threats to our infrastructure have the potential to harm our economy, undermine our national defense, and interrupt our daily lives,” Thompson said. “The attack on the Colonial Pipeline this week was just one example of what could go wrong and it’s clear we may not be as lucky in the future if we don’t adjust.”
Katko also underlined the importance of securing pipelines, noting in a separate statement that he would “continue working in a bipartisan manner” to protect critical infrastructure against future attacks.
“The recent ransomware attack against Colonial Pipeline Company further highlights the threats facing our nation’s critical infrastructure and the potential cascading impacts cyber attacks can have on our economy,” Katko said. “With attacks of this nature on the rise, it’s more important than ever to strengthen our cyber resilience.”
Other sponsors of the bill are Reps. Bonnie Watson Coleman (D-N.J.), Yvette Clarke (D-N.Y.), Sheila Jackson Lee (D-Texas), Jim Langevin (D-R.I.), Lou Correa (D-Calif.), Al Green (D-Texas), Eric Swalwell (D-Calif.), Dina Titus (D-Nev.), Nanette Diaz Barragán (D-Calif.), Elaine Luria (D-Va.), Richie Torres (D-N.Y.), and Carlos Gimenez (R-Fla.).
The House Homeland Security Committee is intending to take action quickly on the bill, with the committee set to mark up this legislation and other cybersecurity-related measures next week.
Other bills set to be discussed is the CISA Cyber Exercise Act, introduced by Rep. Elissa Slotkin (D-Mich.) earlier on Friday, and the State and Local Cybersecurity Improvement Act, introduced by a group of bipartisan sponsors earlier this week.