‘Basic cyber security hygiene’: Legislation would strengthen infrastructure defense

The National Risk Management Act would strengthen the defense of critical infrastructure sectors by establishing a National Risk Management Cycle (NRMC).

The Secretary of Homeland Security would be required to develop and establish a NRMC to identify risks to critical infrastructure and the associated likelihoods, vulnerabilities and consequences of each identified risk.

U.S. Reps. Abigail Spanberger of Virginia and Mike Gallagher of Wisconsin introduced the legislation to protect against attacks on America’s critical infrastructure.

“The threats to our national security are increasingly complex. Families, businesses and communities across our country are vulnerable to sophisticated cyber threats, destabilizing attacks on our critical infrastructure and foreign interference,” Spanberger said. “Virginians know that these threats are not hypothetical — thousands of our neighbors have experienced the consequences of susceptible critical infrastructure, such as during the Colonial Pipeline attack.”

The legislation would require the U.S. Secretary of Homeland Security to consult with Sector Risk Management Agencies, critical infrastructure owners and operators, the Assistant to the President for National Security Affairs, the Assistant to the President for Homeland Security and the National Cyber Director, to develop and establish a NRMC.

“Our adversaries continue to launch cyber attacks against us that cripple our infrastructure, steal our intellectual property and harm our economy,” Gallagher said. “Establishing a National Risk Management Cycle is basic cyber security hygiene and a common-sense step we can take to ensure our businesses and critical infrastructure are hard targets.”

In May 2022, President Joe Biden signed into law Spanberger’s legislation to improve law enforcement’s understanding, measurement and tracking of cybercrime.

In the wake of the DarkSide attack on the Colonial Pipeline in May 2021, Spanberger urged Biden to recognize the vulnerabilities revealed by the foreign-based ransomware attack and create an interagency strategy that can increase cybersecurity collaboration between government agencies and the private sector, strengthen protections for American supply chains, and deter hackers from attacking in the future. In October 2021, she co-led a major bipartisan effort in the U.S. House to protect systemically important critical infrastructure from cyberattacks.