New Bill Seeks to Increase Penalties for Attacks on Critical US Infrastructure

New Bill Seeks to Increase Penalties for Attacks on Critical US Infrastructure
In an aerial view, fuel holding tanks are seen at Colonial Pipeline's Dorsey Junction Station in Washington on May 13, 2021. (Drew Angerer/Getty Images)
Janita Kan
5/21/2021
Updated:
5/21/2021

A Texas lawmaker has introduced a bill that seeks to impose a mandatory minimum sentence of 30 years in prison and sanctions for foreign actors who commit attacks on key U.S. infrastructure.

Rep. Pat Fallon (R-Texas) announced the bill, entitled “Protecting Critical Infrastructure Act of 2021,” which will also place severe sanctions against individuals who have been convicted of an attempted or successful incursion on critical infrastructure. Sanctions could include asset blocking, inadmissibility into the United States, and the revocation of current visas.
The bill’s announcement comes after fuel shortages caused by interruptions in the operation of a major gas pipeline, Colonial Pipeline, that was targeted in a ransomware attack. Fuel constraints began to ease last weekend after it resumed operations last week. The Biden administration and state governments issued a number of temporary waivers of certain fuel standards and rules to increase the supply of gasoline in areas impacted by the shutdown.

“Our nation is still reeling from the devastating Colonial Pipeline cyberattack that paralyzed much of the United States last week. Hundreds of gas stations are shuttered, families are struggling to attend school and work, and our energy infrastructure has been left more vulnerable than ever,” Fallon said in a statement.

“The legislation I am introducing today would not only mandate severe imprisonment for infrastructure attacks by foreign actors, but also level strict sanctions on individuals and entities convicted of such acts against the United States. An attack on our critical infrastructure is an attack on our entire nation, and it must not go unpunished,” he added.

Other lawmakers have announced similar legislative measures aimed at mitigating risks to critical infrastructure or rendering U.S. key systems more resilient to cybersecurity attacks.

Last week, a bipartisan group of House lawmakers announced the Cybersecurity and Infrastructure Security Agency (CISA) Cyber Exercise Act, which would require CISA, the agency that spearheads federal cybersecurity efforts, to create new ways for U.S. businesses and governments to test and protect their critical infrastructure against the threat of cyber attacks.

The legislation calls for the establishment of a National Cyber Exercise Program, a testing regime for the nation’s response plan to major cyber incidents. Under the program, CISA would help develop a set of model exercises to be used by state and local governments, and private sector businesses, to test the safety and security of their critical infrastructure. Besides helping design the exercises, CISA would also help governments and businesses implement and evaluate them.

President Joe Biden signed an executive order last week that directs the federal government to “improve its efforts to identify, deter, protect against, detect, and respond to these actions and actors” in the event of a cybersecurity attack.

He also directed agencies to work with the private sector to “learn the lessons of this incident, strengthen cybersecurity practices, and deploy technologies that increase resilience against cyberattacks.”

Tom Ozimek contributed to this report.