Senate advances legislation to strengthen cybersecurity, protect critical infrastructure

A new legislative package from U.S. Sens. Gary Peters (D-MI) and Rob Portman (R-OH) advanced through the Senate this week, setting up the House to consider revamps to public and private sector cybersecurity and the lingering question of governmental adoption of cloud technology.

The Strengthening American Cybersecurity Act (S. 3600) consists of language from three bills formerly submitted by Peters and Portman, the chair and ranking member of the Homeland Security and Governmental Affairs Committee, respectively: the Cyber Incident Reporting Act, the Federal Information Security Modernization Act of 2021 and the Federal Secure Cloud Improvement and Jobs Act. The senators stressed the urgency for the legislation’s passage in the wake of the Russian invasion of Ukraine, and U.S. support for the besieged nation, for fear of potential cyberattack reprisals sponsored by the Russian government.

“As we have seen repeatedly, these online attacks can significantly disrupt our economy – including by driving up the price of gasoline and threatening our most essential supply chains – as well as the safety and security of our communities,” Peters said. “This landmark legislation, which has now passed the Senate, is a significant step forward to ensuring the United States can fight back against cybercriminals and foreign adversaries who launch these persistent attacks. Our landmark, bipartisan bill will ensure CISA is the lead government agency responsible for helping critical infrastructure operators and civilian federal agencies respond to and recover from major network breaches and mitigate operational impacts from hacks.”

The legislation would require critical infrastructure owners and operators, along with civil federal agencies, to report to the Cybersecurity and Infrastructure Security Agency (CISA) in the event of a substantial cyberattack (within 72 hours) or resulting ransomware payment (within 24 hours). It also demanded modernization of the government’s cybersecurity position, improved coordination, and would authorize the Federal Risk and Authorization Management Program (FedRAMP) to assist federal agencies over the next five years in quickly and securely adopting cloud-based technologies to improve operational efficiency.

“In addition, since 2019, through bipartisan investigative reports, I have highlighted the failings of federal agencies to protect their networks,” Portman said. “This legislation will address recommendations in those reports to significantly update FISMA, providing the accountability necessary to resolve longstanding weaknesses in federal cybersecurity by clarifying roles and responsibilities and requiring the government to quickly inform the American people if their information is compromised.”

In the House, Peters and Portman are working with U.S. Reps. Yvette Clarke (D-NY), John Katko (R-NY), Carolyn Maloney (D-NY), James Comer (R-KY), Gerald Connelly (D-VA), and Jody Hice (R-GA) to promote and ultimately pass this legislation.