WASHINGTON, DC – Legislation introduced by U.S. Senators Gary Peters (D-MI) and Rob Portman (R-OH) to provide additional resources and better coordination for serious cyber-attacks or breaches that risk the safety and security of Americans has advanced in the Senate. The legislation was unanimously approved by the Senate Homeland Security and Governmental Affairs Committee, where Peters serves as Chair and Portman serves as Ranking Member.
The legislation would help improve the federal response to cyber breaches, such as the recent attack against the Colonial Pipeline, which controls fuel supply to most of the East Coast. The bill establishes a Cyber Response and Recovery Fund for the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA) to provide direct support to public or private entities as they respond to and recover from significant cyber-attacks and breaches, following a declaration of a significant incident by the Secretary of Homeland Security.
“This most recent attack against a major U.S. pipeline, which has real-world consequences on the lives of millions, shows that whether it is criminal organizations or foreign governments – bad actors will always look to exploit cybersecurity vulnerabilities to cause disruptions to American life,” said Senator Peters. “That is why it is essential we work to keep our nation’s critical infrastructure safe from cyber-attacks and enable our national security apparatus to better coordinate response and recovery efforts for breaches. I am pleased my bipartisan bill has advanced in the Senate and will continue my efforts to strengthen our cyber defenses.”
“Our nation is increasingly vulnerable to cyberattacks every day, as the Colonial Pipeline ransomware attack showed. Cyberattacks are getting worse and more frequent while the government and critical infrastructure are more dependent on information technology,” said Senator Portman. “Our legislation passed by the Homeland Security and Governmental Affairs Committee will provide an important emergency resource when major cyberattacks occur and overwhelm the organizations attacked.”
The Cyber Response and Recovery Act would create an authority for the Secretary of Homeland Security, in consultation with the National Cyber Director, to declare a Significant Incident in the event of an ongoing or imminent attack that would impact national security, economic security, or government operations. This declaration would empower CISA to coordinate federal and non-federal response efforts, and allow the Secretary access to a Cyber Response and Recovery Fund that would help support federal and non-federal entities impacted by the event. The bill would authorize $20 million over seven years for the fund and would require DHS to report to Congress on its use.