Congress Increases Focus on Cybersecurity Risk Management
Russia’s invasion of Ukraine is pushing lawmakers to authorize the first set of mandates that specifically address cybersecurity concerns for critical infrastructure and federal agencies.
The Senate on March 2 unanimously approved the Strengthening American Cybersecurity Act, a bipartisan package meant to supplement and amend three previous bills—the Cyber Incident Reporting Act, the Federal Information Security Modernization Act, and the Federal Secure Cloud Improvement and Jobs Act—that set requirements for critical infrastructure entities to report instances of cyberattacks and initiated a process to accelerate cloud technology adoption in government. This was a stark contrast to the failure of similar provisions proposed for last year’s National Defense Authorization Act (NDAA).
“It is clear that, as our nation continues to counter cyber threats and support Ukraine, we need to pass this legislation to provide additional tools to address possible cyber-attacks from adversaries, including the Russian government,” said Sen. Gary Peters (D-MI) in a press statement.
The new omnibus bill directs operators of critical infrastructure—including banks, energy grids, or large factories whose destruction would “have a debilitating impact on national security”—to report instances of substantial cyberattacks or ransomware payments to the Cybersecurity and Infrastructure Security Agency (CISA). In addition, it authorizes $20 million over five years for the Federal Risk and Authorization Management Program (FedRAMP) to expedite the implementation of cloud technologies in government.
Most importantly, CISA is expected to gain access to a much broader range of information on the nature and frequency of cyberattacks in the United States. 2021 saw an increase in the number of cyberattacks on various industries, some of the most prominent being the ransomware attack on Colonial Pipeline and the shutdown of JBS meatpacking facilities. The new bill designates CISA as the lead federal agency in responding to cyber incidents and aims to minimize security and economic damage.
Republican legislators, including co-sponsor Sen. Rob Portman (R-OH), noted the urgency of the bill precisely in light of U.S. support of Ukraine, criticizing the omission of U.S. cybersecurity from President Biden’s State of the Union address given on the same day.
The House displayed relatively high support for similar provisions within the NDAA in 2021 and is expected to do the same with the Strengthening American Cybersecurity Act, which it received on March 2.