Analysis
Attacks and Vulnerabilities
CISA
Critical infrastructure
Malware, Phishing & Ransomware
News
Regulation, Standards and Compliance
SBOM
Vulnerabilities

Senate advances bills to boost cybersecurity partnerships, increase outreach to communities, help rural hospitals

June 19, 2023
Senate advances bills to boost cybersecurity partnerships, increase outreach to communities, help rural hospitals

Three bipartisan bills authored by U.S. Senator Gary Peters, a Democrat from Michigan to help address persistent and evolving cybersecurity threats have advanced in the Senate. The bills – DHS International Cyber Partner Act, Cybersecurity Awareness Act, and Rural Hospital Cybersecurity Enhancement Act – are intended to strengthen U.S. partnerships with international partners and allies on cybersecurity, increase information to communities on how to protect themselves from cyberattacks, and help rural hospitals improve their cybersecurity. 

The Senate Homeland Security and Governmental Affairs Committee (HSGAC), which Peters chairs, has approved these bills. They will now go to the full Senate for consideration. 

“Foreign adversaries and cybercriminals continue to target essential networks here at home and around the world. It’s clear the our government must lead the world in identifying threats and working to address network vulnerabilities so we can prevent disruptive attacks,” Senator Peters said in a Friday media statement. “These bipartisan bills will help ensure American communities, as well as our international partners and allies have access to cybersecurity support they need to fight back against these threats.”

Current authorities can delay DHS’ ability to quickly respond when foreign countries request cybersecurity assistance from the U.S. For example, at the start of the Russian invasion of Ukraine, it took weeks for DHS to provide requested support for cybersecurity defenses. 

The DHS International Cyber Partner Act would authorize the DHS (Department of Homeland Security) and CISA (Cybersecurity and Infrastructure Security Agency) to assign personnel to foreign locations and provide assistance and expertise to foreign governments and international organizations on cybersecurity and other homeland security efforts. The bill also allows CISA to include international partners in existing cybersecurity programs that help protect critical infrastructure systems that could disrupt America’s national and economic security if breached. 

The bill comes in recognition of the fact that cyber-attacks against networks around the world can affect the global economy and even cause disruptions across the U.S. Thus, by ensuring that international partners have the ability to fight back and prevent breaches, the bipartisan bill will enhance cybersecurity cooperation with international allies and partners to mitigate cybersecurity threats.

Since 2004, the President and Congress have designated October as Cybersecurity Awareness Month, when the government and industry join efforts to raise cybersecurity awareness nationally as threats to technology and sensitive data become more common.

Peters’ Cybersecurity Awareness Act would direct CISA to develop a year-round campaign that informs the public about best practices on how to prevent cyber-attacks and mitigate cybersecurity risks. The bill would require CISA to also consult with private sector entities, state, local, Tribal, and territorial (SLTT) governments, nonprofits, and universities to promote cybersecurity awareness, including on how to effectively communicate awareness. 

Furthermore, the legislation would also require CISA to coordinate with other federal agencies and departments to ensure the federal government is communicating accurate and timely information. Finally, the bill would require CISA to ensure campaign resources are publicly available online and regularly updated.

Rural hospitals often lack the resources and staff needed to secure their systems from cyber-attacks. Network breaches on these health care providers have the potential to compromise sensitive medical information and even disrupt patient care. The rural hospital cybersecurity legislation followed a HSGAC hearing that identified rural healthcare facilities as soft targets for cybercriminals. Unlike larger urban hospitals, rural hospitals often have little to no full-time cybersecurity personnel and are particularly exposed to cyberattacks.

Peters helped introduce the Rural Hospital Cybersecurity Enhancement Act which would require the CISA director to develop a comprehensive rural hospital cybersecurity workforce development strategy that considers public-private partnerships, development of curricula and training resources, and policy recommendations. It also requires CISA to make cybersecurity training resources available to rural hospital systems.

In March, the Department of Health & Human Services (HHS) Food and Drug Administration (FDA) agency published final guidance establishing new cybersecurity requirements for cyber devices, which includes information that a sponsor of a premarket submission for a cyber device must provide in its submission. The document also requires healthcare stakeholders to bring into their infrastructure cybersecurity provisions that cover software bill of materials (SBOM) and vulnerability disclosure reporting.

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

Building a Culture of Cyber Resilience in Manufacturing (WEF)
WEF playbook addresses cyber resilience in manufacturing and supply chains, provides three guiding principles
DOE, EPA support NSM-22 focused on critical infrastructure security and resilience
DOE, EPA support NSM-22 focused on critical infrastructure security and resilience
White House releases National Security Memorandum on critical infrastructure security and resilience
White House releases National Security Memorandum on critical infrastructure security and resilience
US DHS delivers safety and security guidelines to secure critical infrastructure from AI-related threats
US DHS delivers safety and security guidelines to secure critical infrastructure from AI-related threats
Xage’s Zero Trust Session Collaboration tool delivers remote access, collaboration across industrial frameworks
Xage announces AI-powered analytics and insight capabilities to boost zero trust access and protection
US DHS establishes AI Safety and Security Board to advise on safe deployment in critical infrastructure
US DHS establishes AI Safety and Security Board to advise on safe deployment in critical infrastructure
AI for Energy - Opportunities for a Modern Grid and Clean Energy Economy (DoE)
US DOE rolls out initial assessment report on AI benefits and risks for critical energy infrastructure
Honeywell’s 2024 USB Threat Report reveals significant rise in malware frequency, highlighting growing concerns
Honeywell’s 2024 USB Threat Report reveals significant rise in malware frequency, highlighting growing concerns
Claroty’s Team82 details exploitation of classic deserialization vulnerability in Siemens EnMPro line
Claroty’s Team82 details exploitation of classic deserialization vulnerability in Siemens EnMPro line
Microsoft debuts ICSpector framework to enable examining information and configurations of industrial PLCs
Microsoft debuts ICSpector framework to enable examining information and configurations of industrial PLCs