Two cybersecurity bills from U.S. Sens. Gary Peters (D-MI) and Rob Portman (R-OH) have been approved by the Senate Homeland Security and Government Affairs Committee where Peters serves as chair and Portman serves as ranking member.
The two bills, the Cyber Incident Reporting Act and the Federal Information Security Modernization Act of 2021, are designed to strengthen the country’s ability to combat online attacks, and ensure federal agencies have the right tools and resources to protect federal information technology systems.
“Ransomware and other online assaults against public and private networks have caused gas shortages across the East Coast, allowed hackers to access critical federal systems, and compromised the sensitive information of millions of Americans. Our bipartisan legislation will help fight back against these serious threats by ensuring CISA is notified of any attack on critical infrastructure companies and civilian federal networks, as well as when most other entities make a ransomware payment,” Peters said. “This information will help lead cybersecurity agencies and Congress in our efforts to establish a comprehensive strategy to punish cybercriminals for targeting American networks and prevent them from disrupting lives and livelihoods across our nation.”
The Cyber Incident Reporting Act requires critical infrastructure owners and operators to report any substantial cyberattack to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours, and requires businesses, nonprofits, and state and local governments to notify federal authorities within 24 hours if they make a ransom payment. The bill also creates a Cybersecurity Incident Reporting Council, and would penalize any entity that fails to report cybersecurity incidents or ransomware payments by barring them from any federal contracts.
The Federal Information Security Modernization Act of 2021 would update federal guidelines established in 2014 and improve coordination between the Office of Management and Budget (OMB), CISA, National Cyber Director, and other federal agencies when addressing online threats. The legislation also codifies President Joe Biden’s Executive Order improving the nation’s cybersecurity to a higher level of security protections for federal information systems and the data they store.
“As cyber and ransomware attacks continue to increase, I’m pleased the Senate Homeland Security and Governmental Affairs Committee has passed our bipartisan Cyber Incident Reporting Act and bipartisan legislation to update the Federal Information Security Modernization Act (FISMA) because the federal government must be able to quickly coordinate a response and hold bad actors accountable,” Portman said. “The Cyber Incident Reporting Act will give the National Cyber Director, CISA, and other appropriate agencies broad visibility into the cyberattacks taking place across our nation on a daily basis to enable a whole-of-government response, mitigation, and warning to critical infrastructure and others of ongoing and imminent attacks.”