Two bipartisan bills from U.S. Sens. Gary Peters (D-MI) and Rob Portman (R-OH) on cybersecurity and infrastructure were approved by the U.S. Senate Homeland Security and Governmental Affairs Committee and now head to the full Senate for a vote.
The bills, which require critical infrastructure owners and operators and civilian federal agencies to report to the Cybersecurity and Infrastructure Security Agency (CISA) if they experience a cyberattack, and require most entities to report if they make a ransomware payment, are designed to improve federal agencies’ understanding of how to best combat online attacks.
“Ransomware and other online assaults against public and private networks have caused gas shortages across the East Coast, allowed hackers to access critical federal systems, and compromised the sensitive information of millions of Americans. Our bipartisan legislation will help fight back against these serious threats by ensuring CISA is notified of any attack on critical infrastructure companies and civilian federal networks, as well as when most other entities make a ransomware payment,” said Peters, chairman of the committee. “This information will help lead cybersecurity agencies and Congress in our efforts to establish a comprehensive strategy to punish cybercriminals for targeting American networks and prevent them from disrupting lives and livelihoods across our nation.”
The Cyber Incident Reporting Act would require infrastructure owners and operators to report to CISA within three days if they are experiencing a substantial cyberattack. The bill also requires organizations to notify the federal government within 24 hours if they make a ransom payment. Additionally, the bill provides CISA with the authority to subpoena entities that fail to report cybersecurity incidents or ransomware payments, and would require entities that plan on making a ransom payment to evaluate alternatives before making the payment.
The Federal Information Security Modernization Act of 2021 will overhaul and update existing legislation passed in 2014. The bill supports more effective cybersecurity practices throughout the federal government and improves coordination between the Office of Management and Budget (OMB), CISA, the National Cyber Director and other federal agencies and contractors when addressing online threats. The bill will also direct the federal government to strengthen protection against cyberattacks, and require the OMB to develop guidance that federal agencies can use to efficiently allocate resources to protect their networks.
“As cyber and ransomware attacks continue to increase, I’m pleased the Senate Homeland Security and Governmental Affairs Committee has passed our bipartisan Cyber Incident Reporting Act and bipartisan legislation to update the Federal Information Security Modernization Act (FISMA) because the federal government must be able to quickly coordinate a response and hold bad actors accountable,” said Portman, who serves as ranking member of the Senate Homeland Security and Governmental Affairs Committee. “Our bipartisan legislation to significantly update FISMA will provide the accountability necessary to resolve longstanding weaknesses in federal cybersecurity by clarifying roles and responsibilities and requiring the government to quickly inform the American people if their information is compromised.”