Peters & Portman Introduce Legislation to Create Significant Cyber Incident Declaration for Major Cyber-Attacks

WASHINGTON, D.C. – U.S. Senators Gary Peters (D-MI) and Rob Portman (R-OH), Chairman and Ranking Member of the Homeland Security and Governmental Affairs Committee, introduced bipartisan legislation that would provide additional resources and better coordination for serious cyber-attacks or breaches that risk the safety and security of Americans. The legislation would help improve the federal response to cyber breaches, such as recent and serious attacks by foreign adversaries including the Chinese and Russian governments that penetrated both federal networks and private companies’ servers.

The bill would allow the Secretary of Homeland Security to declare a Significant Cyber Incident following a breach of public and private networks, and would also establish a Cyber Response and Recovery Fund for the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA) to provide direct support to public or private entities as they respond and recover from significant cyber-attacks and breaches.

“Extensive breaches and attacks of public and private networks in just the last few months have compromised our national security and shown our nation is not adequately prepared to tackle evolving cyber threats,” said Senator Peters. “As these challenges continue to grow, our national security apparatus needs more tools and resources to improve our response to these threats and defend against cyber-attacks from our foreign adversaries, like the Chinese government. I am proud to introduce this commonsense, bipartisan legislation and will continue my efforts to strengthen our cyber defenses and protect the American people.”

“The multiple recent cyberattacks from sophisticated malicious actors against U.S. government clearly demonstrate our vulnerability to attack. These cyberattacks will continue, and we must ensure that we have the capacity to respond when they do,” said Senator Portman. “This bipartisan bill will provide emergency resources when impacted organizations are overwhelmed and unable to respond to a debilitating attack.  I urge my colleagues to join us in supporting this commonsense legislation to take a needed step in strengthening our cyber defenses.”

The Cyber Response and Recovery Act would create an authority for the Secretary of Homeland Security, in consultation with the National Cyber Director, to declare a Significant Cyber Incident in the event of an ongoing or imminent attack that would impact national security, economic security, or government operations. This declaration would empower CISA to coordinate federal and non-federal response efforts, and allow the Secretary access to a Cyber Response and Recovery Fund that would help support federal and non-federal entities impacted by the event. The bill would authorize $20 million over seven years for the fund and would require DHS to report to Congress on its use. 

As Chairman of the Homeland Security and Governmental Affairs Committee, Peters has led efforts to bolster our nation’s cybersecurity defenses. Peters convened a hearing with senior cybersecurity officials on the SolarWinds hack and ongoing cybersecurity vulnerabilities. As a part of the American Rescue Plan Act, Peters helped secure nearly $2 billion to modernize and secure information systems critical to the federal pandemic response. Last Congress, the Senate unanimously approved Peters’ bill to strengthen cybersecurity coordination between DHS and state and local governments. Peters has also pushed bipartisan legislation to improve access to cybersecurity resources and training for small businesses and to support K-12 schools with the resources they need to bolster their cybersecurity.