House approves raft of cyber bills in wake of ransomware attacks
The House on Tuesday approved a host of bipartisan bills meant to strengthen and expand CISA’s role in the country’s cybersecurity and better secure critical infrastructure networks.
The measures — which previously cleared the House Homeland Security Committee — come as congressional lawmakers scramble for policy solutions following a series of high-profile ransomware attacks and digital assaults on key U.S. sectors.
- DHS Industrial Control Systems Capabilities Enhancement Act of 2021. Gives CISA's director the lead role in federal government efforts to "identify and mitigate" risks and threats to computer systems that control critical industrial systems, such as electricity generation and water treatment.
- CISA Cyber Exercise Act. Establishes a National Cyber Exercise Program within CISA to test U.S. response plans for major cyber incidents.
- State and Local Cybersecurity Improvement Act. Creates a $500 million annual grant program for state and local cybersecurity operations, administered by CISA.
- Cybersecurity Vulnerability Remediation Act. Authorizes CISA to disseminate information to the public about vulnerabilities in the software and hardware of information systems.
- Domains Critical to Homeland Security Act. Allows DHS to conduct research and development into supply chain risks for critical domains of the U.S. economy and share the results with Capitol Hill.
The chamber also approved a trio of bills related to the energy sector:
- Energy Emergency Leadership Act. Requires the Energy Secretary to assign energy emergency and energy security responsibilities, including infrastructure and cybersecurity, to an assistant secretary.
- Enhancing Grid Security through Public-Private Partnerships Act. Directs the Energy Secretary to create and implement a program to enhance the physical and cybersecurity of electric utilities, in consultation with state and other federal officials and the private sector.
- Cyber Sense Act of 2021. Create a voluntary Cyber Sense program at the Department of Energy to test the cybersecurity of products and technologies intended for use in the bulk-power system.
6:20 p.m. ET: Article updated to include details on additional energy sector cybersecurity bills.
Martin Matishak is a senior cybersecurity reporter for The Record. He spent the last five years at Politico, where he covered Congress, the Pentagon and the U.S. intelligence community and was a driving force behind the publication's cybersecurity newsletter.