US to Strengthen Public and Private Sector Cybersecurity
Package Includes His Bipartisan Bills to Protect Critical Infrastructure and Federal Networks, and Ensure Government Can Safely Adopt Cloud Technology
U.S. Senator Gary Peters (MI), Chairman of the Senate Homeland Security and Governmental Affairs Committee, introduced a landmark legislative package that would significantly enhance our nation’s ability to combat ongoing cybersecurity threats against our critical infrastructure and the federal government – particularly in the face of potential cyber-attacks sponsored by the Russian government in retaliation for U.S. support in Ukraine. The legislation combines language from three bills Peters authored and advanced out of his committee – the Cyber Incident Reporting Act, the Federal Information Security Modernization Act of 2021, and the Federal Secure Cloud Improvement and Jobs Act. The combined bill, known as the Strengthening American Cybersecurity Act, would require critical infrastructure owners and operators and civilian federal agencies to report to the Cybersecurity and Infrastructure Security Agency (CISA) if they experience a substantial cyber-attack. It would also require critical infrastructure owners and operators to report ransomware payments to CISA, modernize the government’s cybersecurity posture, and authorize the Federal Risk and Authorization Management Program (FedRAMP) to ensure federal agencies can quickly and securely adopt cloud-based technologies that improve government operations and efficiency.
“Cyber-attacks against federal networks and critical infrastructure companies – including oil pipelines, meatpacking centers, and wastewater treatment plants – have disrupted lives and livelihoods across the country. That is why, for months, I have been leading efforts to fight back against cybercriminals and foreign adversaries who launch these incessant attacks,” said Senator Peters. “It is clear that, as our nation continues to counter cyber threats and support Ukraine, we need to pass this legislation to provide additional tools to address possible cyber-attacks from adversaries, including the Russian government. This landmark, bipartisan legislative package will provide our lead cybersecurity agency, CISA, with the information and tools needed to warn of potential cybersecurity threats to critical infrastructure, prepare for widespread impacts, coordinate the government’s efforts, and help victims respond to and recover from online breaches. Our efforts will significantly bolster and modernize federal cybersecurity as new, serious software vulnerabilities continue to be discovered, such as the one in log4j. This combined bill will also ensure that agencies can procure cloud-based technology quickly, while ensuring these systems, and the information they store, are secure.”
Last year, hackers breached the network of a major oil pipeline forcing the company to shut down over 5,500 miles of pipeline – leading to increased prices and gas shortages for communities across the East Coast. Last summer, the world’s largest beef supplier was hit by a cyber-attack, prompting shutdowns at company plants and threatening meat supplies all across the nation. As these kinds of attacks continue to rise, Peters’ legislation would help ensure critical infrastructure entities such as banks, electric grids, water networks, and transportation systems are able to quickly recover and provide essential services to the American people in the event of network breaches.
The Strengthening American Cybersecurity Act would require critical infrastructure owners and operators to report to CISA within 72 hours if they are experiencing a substantial cyber-attack, and within 24 hours if they make a ransomware payment. Additionally, the package would update current federal government cybersecurity laws to improve coordination between federal agencies, require the government to take a risk-based approach to cybersecurity, as well as require all civilian agencies to report all cyber-attacks to CISA, and update the threshold for agencies to report cyber incidents to Congress. It also provides additional authorities to CISA to ensure they are the lead federal agency in charge of responding to cybersecurity incidents on federal civilian networks. Finally, the package would authorize FedRAMP for five years to ensure federal agencies are able to quickly and securely adopt cloud-based technologies that improve government efficiency and save taxpayer dollars.