The recent ransomware attack against the Colonial Pipeline illustrates the need for a plan to protect the economy in the event of a major cyberattack, according to members of the House’s Homeland Security Committee (HSC). The Colonial Pipeline shut down operations last week as a result of the attack, leaving 45 percent of the U.S. East Coast without its normal fuel supply.
Lawmakers like Rep. Bennie G. Thompson (D-Mississippi) and John Katko (R-New York) are urging the Biden administration to develop a strategy that would ensure the continuous operation of key economic functions should the normal economy suffer a disruption from a significant cyberattack. Thompson is the HSC’s Chairman, while Katko is its ranking Republican. The authorization for such a measure was included in the defense authorization bill that was approved last year, although it hasn’t been implemented yet.
Thompson and Katko sent a letter to President Biden saying, “Last week, we witnessed the exact reason this provision was enacted into law and why we supported it. The question now becomes one of implementation.” The letter went on to emphasize the need for President Biden to act expeditiously to ensure the economy’s resiliency in the wake of the Colonial ransomware attack.
Executive Order
The Biden administration has already taken steps to address the economic impact of these attacks. Biden signed an executive order in May 2021 that outlines stronger cybersecurity requirements for government contractors that develop software. His administration also launched a series of initiatives to improve cybersecurity in the nation’s key infrastructure, especially oil and gas suppliers and the electric grid.
These efforts are receiving broad support from Congress, but they aren’t a substitute for an overall strategy according to Thompson and Katko. They said in their letter to the President that the Colonial Pipeline incident highlights the interdependency of critical infrastructure in the U.S., despite the fact that Colonial is already restoring their pipeline operations. Their letter also emphasized that the administration must do more and requested a briefing on the White House’s strategy for dealing this threat. The White House has declined to comment.
Bills
The HSC also passed numerous bills on May 18, 2021 intended to prevent similar attacks in the future. Katko commented on the legislation, saying that the attacks had “the potential to disrupt our daily lives and impact our economic and national security.” He added that the HSC’s passage of these bills represents progress toward improving the nation’s ability to mitigate future attacks.
These bills include the Pipeline Security Act (PSA), which seeks to strengthen the Transportation Security Administration’s (TSA’s) role in responding to pipeline attacks. The HSC also advanced four other bills on this issue, including one that would establish an incentive-based program allowing interested parties to compete in providing solutions for remediating cybersecurity vulnerabilities. This legislation also included a bill to create a grant program for various state, local and tribal agencies to address cybersecurity risks and threats. A third bill will establish a “National Cyber Exercise Program” to assess the nation’s readiness and ability to respond to security incidents. The fourth bill will identify the risks in critical supply chains.
Capitol Hill dome interior flickr photo by Timothy Neesam (GumshoePhotos) shared under a Creative Commons (BY-ND) license