US introduces bills to secure Critical Information Infrastructure
Recently, the US House Committee on Homeland Security has passed five bipartisan bills to strengthen defence capabilities against cyber-attacks targeting US organisations and critical information infrastructure.
These bills were introduced as a direct result of the Homeland Security Committee’s oversight of recent cyber-attacks. The triggering factor was ransomware attack that forced Colonial pipeline to shut down. It was the largest US pipeline. Even though the pipeline had paid $5 million in ransom, widescale fuel shortage wasn’t rectified which impacted multiple north-eastern states. As a result, the U.S had to declare a state of emergency in 17 states.
Another major incident which prompted these bills is the SolarWinds supply-chain attack that provided Russian intelligence hackers with access to the network of at least nine US federal agencies and multiple private tech sector companies. US in return imposed sanctions on Russia.
These five bipartisan bills are also designed to defend networks from cyber attacks using critical security vulnerabilities. The recent Microsoft’s Exchange Server breach also affected multiple organisations earlier this year.
How Bipartisanship Works in United States
Bipartisanship is a political situation that occurs when two opposing parties work together to achieve common goals. The opposite is partisanship where party members adhere to their ideologies and platforms even when it is destructive to the national interest.
The Bipartisan Bills
The Five bills passed include:
1. H.R. 2980, The “Cybersecurity Vulnerability Remediation Act.”
This authorizes Cybersecurity and Infrastructure Security Agency (CISA) to assist critical infrastructure owners and operators with mitigation strategies against the most critical and known vulnerabilities.
2. H.R. 3138, The “State and Local Cybersecurity Improvement Act.”
This law seeks to authorize a new $500 million grant program to provide state and local, Tribal and Territorial governments with dedicated funding to secure their networks from ransomware and other cyber-attacks.
3. H.R. 3223, The “CISA Cyber Exercise Act.”
This law establishes a National Cyber Exercise program within CISA to promote more regular testing and systematic assessments of preparedness and resilience to cyber-attacks against critical infrastructure.
4. H.R. 3243, The “Pipeline Security Act.”
This act seeks to enhance the ability of Transportation Security Administration (TSA). It is a principal Federal agency responsible for pipeline security. Its function is to guard pipeline systems against cyberattacks, terrorist attacks, and other threats. This measure codifies TSA’s Pipeline security section and clarifies TSA’s statutory mandate to protect pipeline infrastructure.
5. H.R. 3264, The “Domains Critical to Homeland Security Act.”
This act authorizes Department of Homeland Security (DHS) to conduct research and developments into supply chain risks for critical domains of the US economy and transmit results to Congress.
Critical Infrastructure Protection in India
Section 70 of the Information Technology Act, 2000, seeks to protect Critical Information Infrastructure. It describes critical information infrastructure as “the computer resource, the incapacitation or destruction of which, shall have debilitating impact on national security, economy, public health or safety.”
There is also a nodal agency- the National Critical Information Infrastructure Protection Centre (NCIIPC) tasked to protect Indian critical information infrastructure.
Do subscribe to our Telegram channel for more resources and discussions on technology law and news. To receive weekly updates don’t forget to subscribe to our Newsletter.
You can also follow us on Instagram, Facebook, LinkedIn, and Twitter for frequent updates and news flashes about #technologylaw.