Sens. Peters, Portman release legislation bolstering federal cybersecurity

U.S. Sens. Gary Peters (D-MI) and Rob Portman (R-OH) released the text of their legislation that would strengthen cybersecurity across the federal government.

The legislation, the Federal Information Security Modernization Act of 2021, would update existing legislation which has not been updated since its adoption in 2014 and would provide the country with the tools and resources needed to protect federal information technology systems.

“Increasingly sophisticated cyber-attacks against our federal agencies by foreign adversaries — and criminal organizations they often harbor — highlight the urgent need to enhance federal cybersecurity,” Peters, chairman of the Homeland Security and Governmental Affairs Committee, said. “Since Congress last addressed this critical issue, online threats have rapidly evolved and CISA had not yet been created.”

The senators said the bipartisan bill would ensure attacks on the networks of federal agencies and contractors are reported to the Cybersecurity and Infrastructure Security Agency (CISA), as well as to Congress. Additionally, the legislation would clarify CISA’s roles and responsibilities when it comes to federal information technology systems.

“The recent cyber and ransomware attacks against the federal government and critical infrastructure demonstrate the persistence and sophistication of our adversaries,” Portman, the committee’s ranking member, said. “I have authored two bipartisan reports demonstrating the cybersecurity weaknesses of federal agencies, and the need to update the Federal Information Security Modernization Act. These reports show that federal agencies are unprepared to meet the sophisticated, determined threat we face and have failed to address many vulnerabilities for nearly a decade putting the sensitive data of all Americans at risk.”

The legislation would overhaul the Federal Information Security Modernization Act of 2014 to support more effective cybersecurity practices throughout the federal government and to improve coordination between federal agencies and contractors when addressing online threats. The bill would require civilian agencies to report all cyber-attacks to CISA and major incidents to Congress, and provides additional authorities to CISA so they can lead the response to incidents and breaches on federal civilian networks.

The bill will be considered by the committee on Wednesday, October 6, 2021.