WASHINGTON, D.C. – Two pieces of legislation authored by U.S. Senator Gary Peters (D-MI) to help protect public and private networks from growing cybersecurity threats have advanced in the Senate. The legislation was unanimously approved by the Senate Homeland Security and Governmental Affairs Committee, where Peters serves as Chair. The bills would enhance cybersecurity guidance for K-12 educational institutions across the country and secure federal information technology supply chains against cybersecurity threats and other vulnerabilities.
“Rising cyber-attacks on everything from a major oil pipeline and hundreds of small businesses – to our federal agencies and even K-12 schools – show that we need a comprehensive, all of government approach to fight back against foreign adversaries and cybercriminals who persist in their attempts to infiltrate and wreak havoc on American networks,” said Senator Peters. “These bipartisan bills will help protect our schools and supply chains in Michigan and across the nation from hackers who seek to exploit the weakest links to steal information and hold institutions hostage. I’ll continue to fight for their swift passage into law and work to continue strengthening our nation’s cyber defenses.”
The K-12 Cybersecurity Act directs the Cybersecurity and Infrastructure Security Agency (CISA) to work with teachers, school administrators, other federal departments and private sector organizations to complete a study of cybersecurity risks specific to K-12 educational institutions, including risks related to securing sensitive student and employee records and challenges related to remote-learning. Following the completion of that study, the bill directs CISA to develop cybersecurity recommendations and an online toolkit to help schools improve their cybersecurity hygiene. Schools are responsible for securing a considerable amount of sensitive records related to their students and employees, including student grades, family records, medical histories, and employment information. In 2020, K-12 public schools saw a record-breaking number of cyber-attacks with more than 400 publicly-reported incidents.
The Supply Chain Security Training Act directs the General Services Administration in coordination with the Department of Homeland Security, Department of Defense and the Office of Management and Budget to create a standardized training program to help federal employees responsible for purchasing services and equipment identify whether those products could compromise the federal government’s information security. Recent breaches of federal information systems exploited vulnerabilities in the SolarWinds and Microsoft Exchange networks, highlighting the need for robust technological supply chain security and the importance of ensuring agency personnel responsible for managing these resources are well versed and up-to-date on cybersecurity threats and other attempts to steal sensitive or valuable information.
As Chairman of the Homeland Security and Governmental Affairs Committee, Peters has led efforts to strengthen cybersecurity across government, the private sector and our critical infrastructure. A provision authored by Peters to increase our government’s ability to quickly respond to cyber-attacks that could compromise federal supply chains, such as recent breaches of the SolarWinds and Microsoft Exchange networks, passed the Senate as part of a larger package to boost American competitiveness. As a part of the American Rescue Plan Act, Peters helped secure nearly $2 billion to modernize federal information technology systems, bolster federal cyber defenses and guard against attempts to attack technological supply chains and networks critical to our pandemic response. In April, the Senate also passed his provision to help protect our nation’s public water infrastructure technology systems, following recent cyber-attacks on water utilities.