Critical infrastructure cyber defense legislation introduced in U.S. Senate

Following a new National Security Memorandum signed by President Joe Biden aimed at strengthening cybersecurity for the nation’s critical infrastructure, a bipartisan group of U.S. senators recently introduced the Defense of United States Infrastructure Act, S. 2491, legislation aimed at improving cybersecurity for private and public critical infrastructure. 

“In recent months, we’ve seen our gas pipelines, food system, water systems, and more hacked and attacked – and those are just the incidents that rose to widespread awareness. These intrusions have made one thing crystal clear: America’s critical infrastructure is dangerously vulnerable to cyber disaster,” said U.S. Sen. Angus King (I-ME), the sponsor of the bill. “In an increasingly-wired society, a targeted cyberattack could cripple key systems, cost countless lives, and have direct impacts on our everyday life,” he said.

Sen. King introduced S. 2491 on July 27 along with cosponsors U.S. Sens. Mike Rounds (R-SD) and Ben Sasse (R-NE) in order to strengthen America’s cyber resilience and improve cybersecurity among the nation’s Systemically Important Critical Infrastructure (SICI). 

“We cannot ignore the massive cybersecurity vulnerabilities in American infrastructure systems,” Sen. Rounds said. “As we saw with the recent hacks of U.S. companies, our country must act now to identify and prevent future cyberattacks.” 

The proposed bill would amend the Homeland Security Act of 2002 to establish the National Cyber Resilience Assistance Fund; improve the ability of the federal government to assist in enhancing critical infrastructure cyber resilience; improve security in the national cyber ecosystem; and address SICI.

The bill would establish the National Cyber Resilience Assistance Fund to invest in cyber and shift the focus away from reactive disaster spending toward risk-driven, proactive investments in cyber resilience.

Additionally, the bill would task the U.S. Secretary of Homeland Security with creating a new designation for the most critical infrastructure — like elements of the power grid, the financial sector, water systems, and others — whose disruption could cause severe damage to national security, economic security, or public health and safety.

“This is the type of infrastructure we need to be focusing on and talking about. The hackings that have occurred these past few months are alarming and we need to address them now before they get worse,” said Sen. Sasse. 

And among other provisions, S. 2491 would establish hiring authorities for the newly created Office of the National Cyber Director, and task the director of the Cybersecurity and Infrastructure Security Agency to establish the Joint Collaborative Environment, a cloud-based information sharing environment to support a whole-of-government understanding of the cyber threats facing the United States and enable public-private partnerships to confront threats, according to a summary of the bill.