WASHINGTON, D.C. – U.S. Senators Gary Peters (D-MI) and Rob Portman (R-OH), Chairman and Ranking Member of the Homeland Security and Governmental Affairs Committee, released text of their bipartisan legislation that strengthens cybersecurity across the federal government, ensures that attacks on the networks of federal agencies and contractors are reported to the Cybersecurity and Infrastructure Security Agency (CISA) and Congress in a timely manner, and clarifies CISA’s roles and responsibilities in federal information security. The senators’ legislation significantly reforms the Federal Information Security Modernization Act – which has not been updated since 2014 – to ensure our nation has the tools and resources it needs to protect federal information technology systems. The bill will be considered by the Committee on Wednesday, October 6, 2021.
“Increasingly sophisticated cyber-attacks against our federal agencies by foreign adversaries – and criminal organizations they often harbor – highlight the urgent need to enhance federal cybersecurity. Since Congress last addressed this critical issue, online threats have rapidly evolved and CISA had not yet been created,” said Senator Peters. “This bipartisan bill will help secure our federal networks, update cyber incident reporting requirements for federal agencies and contractors to ensure they are quickly sharing information, and prevent hackers from infiltrating agency networks to steal sensitive data and compromise national security.”
“The recent cyber and ransomware attacks against the federal government and critical infrastructure demonstrate the persistence and sophistication of our adversaries. I have authored two bipartisan reports demonstrating the cybersecurity weaknesses of federal agencies, and the need to update the Federal Information Security Modernization Act. These reports show that federal agencies are unprepared to meet the sophisticated, determined threat we face and have failed to address many vulnerabilities for nearly a decade putting the sensitive data of all Americans at risk,” said Senator Portman. “This bipartisan bill provides the security the American people deserve and the accountability necessary to resolve longstanding weaknesses in federal cybersecurity by clarifying roles and responsibilities and requiring the government to quickly inform the American people if their information is compromised. I urge my colleagues to join in supporting this common-sense, bipartisan legislation to update the Federal Information Security Modernization Act.”
Recent cyber-attacks that allowed foreign adversaries to access federal networks and impact national security include the SolarWinds attack that affected federal agencies, including the Department of Homeland Security and the Department of Defense. Vulnerabilities in the Microsoft Exchange Server allowed the Chinese government to access the networks of thousands of organizations around the world – including government agencies. The senators’ bipartisan legislation would help mitigate the effect these attacks have on the federal government and help federal agencies take more effective, measurable, and successful actions to address evolving cyber-threats.
The Federal Information Security Modernization Act of 2021 overhauls and updates the Federal Information Security Modernization Act of 2014 to support more effective cybersecurity practices throughout the federal government and improve coordination between the Office of Management and Budget (OMB), CISA, National Cyber Director, and other federal agencies and contractors when addressing online threats. The bill requires civilian agencies to report all cyber-attacks to CISA and major incidents to Congress, and provides additional authorities to CISA to ensure they are the lead agency for responding to incidents and breaches on federal civilian networks. The legislation also codifies aspects of President Biden’s Executive Order on Improving the Nation’s Cybersecurity to enforce higher level security protections for federal information systems and the sensitive data they often store. Finally, the bill requires OMB to develop guidance for federal agencies to use so they can efficiently allocate the cybersecurity resources they need to protect their networks.
As Chairman and Ranking Member of the Homeland Security and Governmental Affairs Committee, Peters and Portman have led several efforts to strengthen our nation’s cybersecurity. They recently introduced bipartisan legislation to require critical infrastructure owners and operators to report to the CISA if they experience a cyber-attack, and most entities to report if they make a ransomware payment. The senators convened a hearing with top federal cybersecurity officials to examine additional resources and authorities the federal government needs to deter cyber-attacks. In August, the senators released Federal Cybersecurity: America’s Data Still at Risk, a report on federal agency cybersecurity, focused on eight specific agencies that revealed ongoing improvements are also needed to federal agency cybersecurity. Peters and Portman’s bipartisan legislation to promote stronger cybersecurity coordination between DHS and state and local governments has advanced in the Senate. In June, the senators also convened a hearing with the Chief Executive Officer of Colonial Pipeline to examine the ransomware attack against the company.
Click here to see text of the senators’ legislation.