Rep. John Katko, R-N.Y., questions Federal Emergency Management Agency Administrator Peter Gaynor as he testifies before a House Committee on Homeland Security meeting on Capitol Hill, July 22, 2020, in Washington. Katko and Rep. Abigail Spanberger, D-Va, introduced legislation that would define "systemically important" parts of critical infrastructure for prioritized cybersecurity assistance from the government. (Photo by Andrew Harnik-Pool/Getty Images)

A bipartisan pair of lawmakers on the House Homeland Security Committee have introduced legislation that would put the Cybersecurity and Infrastructure Security Agency in charge of designating parts of critical infrastructure as “systemically important,” potentially moving them to the head of the line for federal cybersecurity support and resourcing.

The bill, sponsored by ranking Republican John Katko, of New York, and Rep. Abigail Spanberger, D-Va., would empower the agency’s director to convene a group of federal and industry stakeholders to devise “objective criteria” to judge whether the compromise or disruption of an entity or element of critical infrastructure would lead to “debilitating effect on national security, economic security, public health or safety, or any combination thereof.” It would also consider whether damage, disruption or unauthorized access to that element might disrupt the reliable operations of a critical infrastructure sector or one of CISA’s listed national critical functions.

In a statement, Katko said the law creates a formal process to reflect parts of critical infrastructure that “naturally demand deeper cyber risk management” and support from the federal government.

“In recent months, we have collaborated extensively with industry to codify a transparent, well-understood, stakeholder-involved process for identifying SICI,” he said. “Our goal is to understand the single points of failure and layers of systemic risk in our economy, because if everything is critical, nothing is.”

CISA’s original focus on 16 critical infrastructure sectors — such as food and agriculture, telecommunications, electricity and gas, elections and others — was meant to distinguish the heightened importance of sectors and industries are broadly relied on by Americans or that would cause cascading failures or problems across other industries and services.

This legislation would further elevate their importance, entitling some entities or operators to be first in line for cybersecurity resources from CISA like technical assistance and voluntary continuous monitoring programs. It would also speed up their security clearance processing and give them “prioritized representation” on the Joint Cyber Defense Collaborative, CISA’s newly established nerve center for public/private collaboration on cybersecurity issues.

Spanberger cited the impact she saw in her home district from gas shortages stemming from the Colonial Pipeline ransomware attack as one of the factors that motivated her to co-sponsor the bill and demonstrated the “fundamental role” that critical infrastructure plays in daily life and the economy.

“Our bipartisan bill would help us identify the critical infrastructure that is particularly foundational and systemically important to our economy and national security, and it would help prioritize protecting these systemically important systems from the serious consequences cyberattacks can have on public safety and health, as well as on our supply chains,” Spanberger said.