Congresswoman Elaine Luria (D-Virginia-02) is cosponsoring the Pipeline Security Act, which requires the Travel Security Administration (TSA) to update its pipeline security policies, develop a staffing strategy for the Pipeline Security Section, and improve congressional oversight. On Tuesday, the bill reported out of the House Homeland Security Committee.
“Cybersecurity is a dangerous and emerging threat, and the recent attack on the Colonial Pipeline proves we need to do more to protect our vital infrastructure,” Luria said. “There’s no reason that protecting our infrastructure can’t be a bipartisan effort, and I look forward to working with my colleagues to advance this legislation forward.”
The bill was originally introduced in 2019 by Congressman Emanuel Cleaver (D-Missouri-05), but it never made it to a floor vote. The recent Colonial Pipeline attack has given new life to Cleaver’s bill.
A bill fact sheet explains, “In May 2021, the Colonial Pipeline – which supplies approximately 45 percent of the refined oil used on the East Coast – was shut down for multiple days after suffering a ransomware attack. Directly as a result of this cybersecurity incident, gas stations and airports along the East Coast experienced fuel shortages, highlighting the importance and vulnerability of our nation’s critical pipeline infrastructure.”
55 percent of gas stations in Virginia were out of gas at one point during the shortages, although that number dropped to 14 percent by May 21, according to crowdsourced data from Gasbuddy.com.
The TSA has had authority for protecting pipelines since it was created after the September 11th attacks. The fact sheet said that the TSA has not sufficiently updated its security plans to account for cyberattacks. In 2019 the TSA pipeline security section had only six full-time employees and “was lacking in cybersecurity expertise,” the fact sheet said. Now, the section has 34 full-time employees, but the legislation requires the TSA to coordinate with the Cybersecurity and Infrastructure Security Agency (CISA) to develop a personnel strategy for the pipeline security team.
Additionally, the act formally codifies into law the pipeline security division and requires the division to update pipeline security guidance.
In addition to Cleaver and Luria, 12 other members of the Homeland Security Committee also co-sponsored the bill. In addition to the Pipeline Security Act, on Tuesday the committee also approved four other bills related to cybersecurity and critical supply chain risks.
In a press release, Chairman Bennie Thompson (D-Mississppi-02) said attacks like Colonial Pipeline and SolarWinds are part of longer series of attacks.
“Since the beginning of this Congress, this Committee has engaged in extensive oversight of these events and how the Federal government partners with others to defend our networks,” Thompson said. “The legislation we reported today was the result of this oversight. I am pleased that they received broad bipartisan support and hope they are considered on the House floor in short order.”
In a separate release, Cleaver said, “It’s become clear that cyber-attacks on our critical infrastructure are national security and economic threats to the homeland.”
He added, “The recent ransomware attack on the Colonial Pipeline, which caused the shutdown of thousands of miles of gas pipeline along the East Coast, was just the latest example of why Congress must act swiftly to harden our critical infrastructure and bolster our cybersecurity capabilities.”
– – –