Senate Passes Portman, Peters Bipartisan Legislation to Create Significant Cyber Incident Declaration for Major Cyberattacks

WASHINGTON, DC – Yesterday, the Senate passed the Cyber Response and Recovery Act, authored by U.S. Senators Rob Portman (R-OH) and Gary Peters (D-MI), Ranking Member and Chairman of the Senate Homeland Security and Governmental Affairs Committee, which will provide additional resources and better coordination for serious cyberattacks or breaches that risk the safety and security of Americans. 

The legislation, which was included in the U.S. Innovation and Competition Act, will help improve the federal response to cyberattacks, such as the recent ransomware attack against the Colonial Pipeline, by establishing a Cyber Response and Recovery Fund for the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA) to provide direct support to public or private entities as they respond to and recover from significant cyberattacks and breaches. 

“Our nation is increasingly vulnerable to cyberattacks every day, as the Colonial Pipeline ransomware attack showed. Cyberattacks are getting worse and more frequent while the government and critical infrastructure are more dependent on information technology,” said Senator Portman. “Our legislation passed by the Senate will provide important emergency resources when major cyberattacks occur and overwhelm the organizations attacked.” 

“Over the past few months, we have seen foreign adversaries and criminal organizations relentlessly attack American networks. As we saw from the recent attack against Colonial Pipeline – these breaches can have devastating effects on our daily lives,” said Senator Peters. “This bipartisan provision will help strengthen our response to online assaults from bad actors to ensure we are providing the public and private sector with the resources to recover from attacks and help protect our nation’s critical infrastructure. I look forward to seeing this important provision signed into law and will continue my efforts to bolster our nation’s cyber defenses.” 

The Cyber Response and Recovery Act will create authority for the Secretary of Homeland Security, in consultation with the National Cyber Director, to declare a Significant Incident in the event of an ongoing or imminent attack that would impact national security, economic security, or government operations. This declaration would empower CISA to coordinate federal and non-federal response efforts, and allow the Secretary access to a Cyber Response and Recovery Fund that would help support federal and non-federal entities impacted by the event. The bill would authorize $20 million over seven years for the fund and would require DHS to report to Congress on its use.