New bill set to reinforce efforts to secure critical infrastructure, federal agencies from cyber security attacks

Two legislators of the U.S. Homeland Security Committee have introduced a bill that would significantly enhance the nation’s ability to combat ongoing cyber security attacks against critical infrastructure installations and federal agencies. The bill also works towards ensuring that the government can safely adopt cloud technology. 

The introduction of the bill gains significance as it comes in the face of potential cyber-attacks sponsored by the Russian government in retaliation for U.S. support in Ukraine.

The bill, titled the ‘Strengthening American Cybersecurity Act,’ would require critical infrastructure owners and operators and civilian federal agencies to report to the Cybersecurity and Infrastructure Security Agency (CISA) if they experience a substantial cyber-attack. It would also require critical infrastructure owners and operators to report ransomware payments to CISA, modernize the government’s cybersecurity posture, and authorize the Federal Risk and Authorization Management Program (FedRAMP) to ensure that federal agencies can securely adopt cloud-based technologies that improve government operations and efficiency.

The legislation was introduced by U.S. Senator Gary Peters, a Democrat from Michigan and chairman of the Homeland Security and Governmental Affairs Committee, and Rob Portman, a Republican from Ohio and Ranking Member of the Senate Homeland Security and Governmental Affairs Committee. 

The legislators are also working closely with U.S. Representatives Yvette Clarke, a Democrat from New York, John Katko, a Republican from New York, Carolyn Maloney, a Democrat from New York, James Comer, a Republican from Kentucky, Gerald Connolly, a Democrat from Virginia, and Jody Hice, a Republican from Georgia, who have led such efforts in the House.

The bipartisan legislation also combines language from three bills that the legislators have previously authored and advanced out of their committee, namely the Cyber Incident Reporting Act, the Federal Information Security Modernization Act of 2021, and the Federal Secure Cloud Improvement and Jobs Act.

Under the new legislation, critical infrastructure owners and operators would be required to report to CISA within 72 hours if they are experiencing a substantial cyber-attack and within 24 hours if they make a ransomware payment. Additionally, the bill would seek to update current federal government cybersecurity laws to improve coordination between federal agencies and require the government to take a risk-based approach to cybersecurity. The bill also calls upon all civilian agencies to report all cyber security attacks to CISA and updates the threshold for agencies to report cyber incidents to Congress.

The Peters-Portman bill also “provides additional authorities to CISA to ensure they are the lead federal agency in charge of responding to cybersecurity incidents on federal civilian networks.” The bill would also authorize FedRAMP for five years to ensure that federal agencies can quickly and securely adopt cloud-based technologies that improve government efficiency and save taxpayer dollars.

“Cyber-attacks against federal networks and critical infrastructure companies – including oil pipelines, meatpacking centers, and wastewater treatment plants – have disrupted lives and livelihoods across the country,” Senator Peters said in a media statement on Tuesday. “It is clear that, as our nation continues to counter cyber threats and support Ukraine, we need to pass this legislation to provide additional tools to address possible cyber-attacks from adversaries, including the Russian government.” 

“This landmark, bipartisan legislative package will provide our lead cybersecurity agency, CISA, with the information and tools needed to warn of potential cybersecurity threats to critical infrastructure, prepare for widespread impacts, coordinate the government’s efforts, and help victims respond to and recover from online breaches,” Peters added.

“This bill strikes a balance between getting information quickly and letting victims respond to an attack without imposing burdensome requirements,” Senator Portman said. “In addition, since 2019, through bipartisan investigative reports, I have highlighted the failings of federal agencies to protect their networks. I am glad this legislation will address recommendations in those reports to significantly update FISMA, providing the accountability necessary to resolve longstanding weaknesses in federal cybersecurity by clarifying roles and responsibilities and requiring the government to quickly inform the American people if their information is compromised.”

As these kinds of cyber security attacks continue to rise, the Peters-Portman legislation would help ensure critical infrastructure entities, such as banks, electric grids, water networks, and transportation systems, can quickly recover and provide essential services to the American people in the event of network breaches.

Last week, the U.S. Committee on Oversight and Reform approved the Supply Chain Security Training Act that works towards improving federal government operations and hiring practices. It also passed the Federal Information Security Modernization Act of 2022 that bolsters cybersecurity for federal agencies.
