Portman, Peters Release Bipartisan Legislation to Bolster Federal Cybersecurity

WASHINGTON, DC – U.S. Senators Rob Portman (R-OH) and Gary Peters (D-MI), Ranking Member and Chairman of the Homeland Security and Governmental Affairs Committee, released text of their bipartisan legislation that strengthens cybersecurity across the federal government, ensures attacks on federal networks and contractors are reported to the Cybersecurity and Infrastructure Security Agency (CISA) and Congress in a timely manner, and clarifies roles and responsibilities in federal information security. The bipartisan legislation significantly reforms the Federal Information Security Modernization Act, which has not been updated since 2014, to ensure our nation has the tools and resources it needs to protect federal information technology systems. The bill will be considered by the Committee on Wednesday, October 6, 2021. 

“The recent cyber and ransomware attacks against the federal government and critical infrastructure demonstrate the persistence and sophistication of our adversaries.  I have authored two bipartisan reports demonstrating the cybersecurity weaknesses of federal agencies, and the need to update the Federal Information Security Modernization Act.  These reports show that federal agencies are unprepared to meet the sophisticated, determined threat we face and have failed to address many vulnerabilities for nearly a decade, putting the sensitive data of all Americans at risk,” said Senator Portman. “This bipartisan bill provides the security the American people deserve and the accountability necessary to resolve longstanding weaknesses in federal cybersecurity by clarifying roles and responsibilities and requiring the government to quickly inform the American people if their information is compromised. I urge my colleagues to join in supporting this common-sense, bipartisan legislation to update the Federal Information Security Modernization Act.” 

“Increasingly sophisticated cyber-attacks against our federal agencies by foreign adversaries – and criminal organizations they often harbor – highlight the urgent need to enhance federal cybersecurity. Since Congress last addressed this critical issue, online threats have rapidly evolved and CISA had not yet been created,” said Senator Peters. “This bipartisan bill will help secure our federal networks, update cyber incident reporting requirements for federal agencies and contractors to ensure they are quickly sharing information, and prevent hackers from infiltrating agency networks to steal sensitive data and compromise national security.”  

Recent cyberattacks like SolarWinds allowed foreign adversaries to access key federal agencies including the Department of Homeland Security and the Department of State. Vulnerabilities in Microsoft’s Exchange Server allowed the Chinese government to access the networks of thousands of organizations around the world. The senators’ bipartisan legislation would help mitigate the effect these attacks have on the federal government and help federal agencies better address evolving cyber threats. 

The Federal Information Security Modernization Act of 2021 overhauls and updates the Federal Information Security Modernization Act of 2014 to support more effective cybersecurity practices throughout the federal government and improve coordination between the Office of Management and Budget (OMB), CISA, National Cyber Director, and other federal agencies and contractors when addressing cyber threats. The bill requires civilian agencies to notify individuals when their information is compromised, report major incidents to Congress. The legislation also codifies aspects of President Biden’s Executive Order on Improving the Nation’s Cybersecurity to enforce higher-level security protections for federal information systems and the sensitive data they store. Finally, the bill requires OMB to issue guidance to federal agencies to efficiently allocate the cybersecurity resources they need to protect their networks.   

As Ranking Member and Chairman of the Homeland Security and Governmental Affairs Committee, Portman and Peters have led several efforts to strengthen our nation’s cybersecurity. They recently introduced bipartisan legislation to require critical infrastructure owners and operators to report to CISA if they experience a cyber-attack, and most entities to report if they make a ransomware payment. The senators convened a hearing with top federal cybersecurity officials to examine additional resources and authorities the federal government needs to deter cyberattacks. In August, the senators released Federal Cybersecurity: America’s Data Still at Risk, a report on eight specific agencies that revealed ongoing improvements are also needed to federal agency cybersecurity. Portman and Peters’ bipartisan legislation to promote stronger cybersecurity coordination between DHS and state and local governments has advanced in the Senate. In June, the senators also convened a hearing with the Chief Executive Officer of Colonial Pipeline to examine the ransomware attack against the company. 

Click here to see the text of the senators’ legislation.