Peters & Portman Introduce Bill to Require Federal Government to Improve Cybersecurity Budgeting

WASHINGTON, DC — U.S. Senators Gary Peters (D-MI), Ranking Member of the Homeland Security and Governmental Affairs Committee, and Rob Portman (R-OH) introduced the bipartisan Risk-Informed Spending for Cybersecurity (RISC) Act to require the federal government to make better investments in cybersecurity protections to keep Americans’ data safe. The legislation would require federal agencies to efficiently allocate limited cybersecurity resources to acquire capabilities that address the most pressing cyber threats.

“It is incredibly concerning that an Office of Management and Budget study found that 74 percent of federal government agencies weren’t fully capable of identifying, responding, or recovering from cyber-attacks. As government operations increasingly move online, particularly during the current pandemic, we must ensure that our cybersecurity defenses are capable of guarding against attacks,” said Senator Peters. “I am proud to introduce this commonsense, bipartisan legislation that will require federal agencies to understand the risks facing them, and prioritize their cybersecurity budgets based on those risks.”

“Through the budget process, agencies make decisions about the tools they need to ensure they are addressing risks and closing capability gaps. Too often, insufficient information about threats and their associated risks inhibits their ability to make the best, most informed decisions,” said Senator Portman. “It is crucial that federal agencies know the return on investment for each cybersecurity capability acquired and whether those capabilities address existing security vulnerabilities. This bipartisan legislation will help give federal agencies the information they need to make informed decisions about their cybersecurity budgets. I urge my colleagues in the Senate to support this important, bipartisan cybersecurity initiative.”

 “The Alliance for Digital Innovation (ADI) congratulates Senators Portman and Peters on the introduction of the ‘‘Risk-Informed Spending for Cybersecurity Act.’’ This important piece of legislation will greatly enhance Federal cybersecurity through the development of a data driven, risk based budgeting process for Federal information security programs and technological capabilities,” said Matthew Cornelius, Executive Director of the Alliance for Digital Innovation. “The bill would push agencies to leverage better intelligence, data, and real time information to provide a more robust understanding their current cybersecurity performance and to improve the budget and appropriations process to ensure agencies have the resources they need to mitigate critical threats and vulnerabilities. ADI appreciates the leadership of Senators Portman and Peters on this critical step forward to improve FISMA and drive more effectively cyber hygiene across the Federal enterprise.”

The Risk-Informed Spending for Cybersecurity Act would require the Office of Management and Budget to develop a risk-based budgeting model.  It would also require agencies to use the model once it is developed.  

Senator Peters has long worked to raise public awareness of cybersecurity issues and address the emerging threat of cyber-attacks. The Senate unanimously approved Peters’ bill to develop and retain highly-skilled cybersecurity professionals in the federal workforce. Peters also led an effort to secure elections by strengthening cybersecurity for voting systems in communities around the country. Peters also introduced bipartisan legislation to improve access to cybersecurity resources and training for small businesses, strengthen cybersecurity coordination between DHS and state and local governments, implement stronger cybersecurity protections for K-12 educational institutions across the country and ensure that America is prepared to respond to and recover in the event of a major cyber-attack.