Rosen Discusses Urgent Need for Protections for U.S. Critical Infrastructure, Building on Her Bipartisan Legislation

During Senate Commerce Hearing, Rosen Spoke with Transportation Officials About the Potential Applications of Her Cyber Sense Act to Protect U.S. Energy Infrastructure

WASHINGTON, D.C. – Today, during a Senate Committee on Commerce, Science, and Transportation hearing, U.S. Senator Jacky Rosen (D-NV) questioned David Pekoske, Administrator at the Transportation Security Administration (TSA); and Polly Trottenberg, Deputy Secretary at the Department of Transportation, about protecting our nation’s critical infrastructure from cyberattacks. During the hearing, they discussed potential applications of her bipartisan legislation, the Cyber Sense Act, which would help increase the cybersecurity of our power grid, protecting pipelines and other critical infrastructure. A transcript of the Senator’s full exchange can be found below, and a video of the Senator’s full exchange can be found here.

ROSEN: I want to move on to my Cyber Sense Act because the Colonial Pipeline attack — it just was a stark reminder that our critical infrastructure is such a target. I recently reintroduced the Cyber Sense Act. It’s bipartisan legislation that would create a voluntary Cyber Sense program at the Department of Energy to test the cybersecurity of products and technologies intended for use in the bulk-power system. This bill would also direct the Secretary of Energy to consider incentives to encourage the use of analysis and testing results when designing products and technologies.

So, Mr. Pekoske and then Ms. Trottenberg, while the program that I’m talking about in my Cyber Sense Act is for energy companies, do you think a similar program for other critical infrastructure such as pipelines would be helpful for pipeline owners and operators? And so, Mr. Pekoske, you can begin, please.

PEKOSKE: Senator, one of the things that we are very closely looking is, you know, we’ve put security directives out to make cyber measures much stronger on pipeline systems, the most critical pipeline systems. But there are other elements of critical infrastructure, and some of these cybersecurity requirements can apply across elements of critical infrastructure. So that’s part of the work that we have in front of us, is to see what can apply more broadly rather than into a specific sector.

TROTTENBERG: I’ll just sort of echo the administrator’s comments. Obviously, I think what we’re seeing with the security directives and pipelines, a lot of good work has gone into them, a lot of collaboration with industry. Across the transportation sector, there are clearly other sectors that it’s going to logically follow, we’ve mentioned vehicles today, so I think there will be opportunities for further collaboration with you all and with TSA. I think we want to make sure we’re seeing robust cyber protections starting to be instilled in at least all the industries across the transportation sector. 

ROSEN: Thank you.