Bicameral, Bipartisan Legislation to Strengthen Federal Cybersecurity Advances in Senate

Bill Would Enhance Communication and Coordination Across Federal Agencies to Address Evolving Cybersecurity Threats

WASHINGTON, D.C. – Bipartisan legislation authored by U.S. Senators Gary Peters (D-MI), Chairman of the Homeland Security and Governmental Affairs Committee, and Josh Hawley (R-MO) to reform federal cybersecurity laws – which have not been significantly updated since 2014 – and ensure our nation has the tools and resources it needs to protect federal information technology systems has advanced in the Senate. The Federal Information Security Modernization Act of 2023 will improve coordination across the federal government to help civilian federal agencies and contractors protect their networks against cybersecurity threats. It also clarifies roles and responsibilities for key agencies that lead federal information security policy and operations. The bill was advanced by the Senate Homeland Security and Governmental Affairs Committee where Peters serves as Chair, and now moves to the full Senate for consideration. Companion legislation is being led through the House by U.S. Representatives James Comer (R-KY) and Jamie Raskin (D-MD), Chairman and Ranking Member of the Committee on Oversight and Accountability, and Nancy Mace (R-SC) and Gerald E. Connolly (D-VA), Chairwoman and Ranking Member of the Subcommittee on Cybersecurity, Information Technology, and Government Innovation.

“Recent cyber-attacks have allowed foreign adversaries and criminal hackers to access sensitive information and compromise national security. These incidents show that lawmakers must urgently work together and ensure federal agencies have the tools and resources to prevent and address network breaches,” said Senator Peters. “This bipartisan, bicameral bill will modernize federal cybersecurity standards and ensure that government systems – and the information they store – are safe and secure.”

“I am encouraged Congress is taking bipartisan action to improve and modernize the cybersecurity of the federal government,” said Senator Hawley. “As cyberattacks continue to expose federal technology vulnerabilities, particularly from foreign adversaries like the CCP, it is imperative we bolster our cybersecurity networks and defend our national security.”

Federal agency networks are frequent targets for cyber-attacks. A recently disclosed breach of Microsoft’s cloud systems, which was discovered in June, enabled Chinese hackers to access government email accounts. Last month, several federal agencies also fell victim to cyber-attacks exploiting a security vulnerability in a file transfer tool called MOVEit. A breach of software provider SolarWinds that was first reported in 2020 compromised sensitive information at several federal agencies, including the Department of Homeland Security and the Department of Defense. In 2021, vulnerabilities in the Microsoft Exchange Server allowed the Chinese government to access the networks of thousands of organizations around the world – including U.S. government agencies. This bipartisan legislation would help prevent network breaches, mitigate the effect cyber-attacks have on the federal government, and help federal agencies take more effective, measurable, and successful actions to address evolving cybersecurity threats.

The Federal Information Security Modernization Act of 2023 overhauls and updates the Federal Information Security Modernization Act of 2014 to support more effective cybersecurity practices throughout the federal government and improve coordination between the Office of Management and Budget (OMB), the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the National Cyber Director, and other federal agencies and contractors when addressing online threats. The bill requires civilian agencies to report all cyber-attacks to CISA and major incidents to Congress, and provides additional authorities to CISA for responding to incidents and breaches on federal civilian networks. The legislation also codifies aspects of President Biden’s Executive Order on Improving the Nation’s Cybersecurity to enforce higher-level security protections for federal information systems and the sensitive data they often store. Finally, the bill requires OMB to develop guidance for federal agencies to use so they can efficiently allocate the cybersecurity resources they need to protect their networks.