The shutdown of the Colonial Pipeline by a Russian-backed hacker organization called DarkSide is a reminder of why protecting and improving our national infrastructure matters so much.

Even as the pipeline restarted on Thursday, many people along the route of the pipeline, which includes places such as Atlanta; Charlotte, North Carolina; and Washington, D.C., have felt the effects of the closure, with rising gas prices and empty pumps at stations. While the shortage has been due to the panic-buying rather than actual shortages, this incident has highlighted the importance of infrastructure improvements.

But while President Joe Biden released his $2.25 trillion infrastructure plan, the American Jobs Plan, back in March, the vast majority of the funds are earmarked for things not traditionally considered infrastructure. Less than 5% of the total funding is allocated for traditional road and bridge projects. Debates over the plan’s merits have centered on what should be defined as infrastructure. Proponents of the bill have argued that child care and broadband, among other things, deserve to be considered infrastructure for today’s economy.

That debate about semantics is a distraction.

The real issue isn’t whether child care is important or not (of course, it is) but whether traditional infrastructure needs are being short-changed as we expand infrastructure’s definition. After the events of the last week, it’s clear we need to do more to protect our oil and gas pipelines. It is vital not only that private U.S. enterprises maintain adequate cybersecurity measures, but that the government pursues vigorous policies to deter hostile governments such as Russia, China, and North Korea from launching such attacks.

Colonial Pipeline is far from the first wake-up call here. We have already seen the danger of putting off updates to our cybersecurity, as the massive monthslong breach of federal servers, now called Sunburst, showed last year. That attack included the Department of Energy, the Treasury Department, and more. Biden, as president-elect, vowed to make cybersecurity a “top priority.” But where is the action?

Russia has not been held culpable for its indirect responsibility for the Colonial Pipeline attack. If Biden is going to prioritize cybersecurity, he must hold responsible those who undermine that security. To do otherwise is to risk inviting further and worse attacks.