Russia’s invasion of Ukraine is pushing lawmakers to authorize the first set of mandates that specifically address cybersecurity concerns for critical infrastructure and federal agencies.
The Senate March 2 unanimously approved on the Strengthening American Cybersecurity Act, a bipartisan package meant to supplement and amend three previous bills—the Cyber Incident Reporting Act, the Federal Information Security Modernization Act, and the Federal Secure Cloud Improvement and Jobs Act—that set requirements for critical infrastructure entities to report instances of cyberattacks and initiated a process to accelerate cloud technology adoption in government. This was a stark contrast from the failure of similar provisions proposed for last year’s National Defense Authorization Act (NDAA).
“It is clear that, as our nation continues to counter cyber threats and support Ukraine, we need to pass this legislation to provide additional tools to address possible cyber-attacks from adversaries, including the Russian government,” said Sen. Gary Peters (D-MI) in a press statement.
The Senate PASSED landmark bipartisan legislation to protect America’s critical infrastructure from cyberattacks.
— Senate Democrats (@SenateDems) March 2, 2022
Chairman @SenGaryPeters explains why this is so important right now. pic.twitter.com/R9BmXHInvi
The new omnibus bill directs operators of critical infrastructure—including banks, energy grids, or large factories whose destruction would “have a debilitating impact on national security”—to report instances of substantial cyberattacks or ransomware payments to the Cybersecurity and Infrastructure Security Agency (CISA). In addition, it authorizes $20 million over five years for the Federal Risk and Authorization Management Program (FedRAMP) to expedite the implementation of cloud technologies in government.
Most importantly, CISA is expected to gain access to a much broader range of information on the nature and frequency of cyberattacks in the United States. 2021 saw an increase in the number of cyberattacks on various industries, some of the most prominent being the ransomware attack on Colonial Pipeline and the shutdown of JBS meatpacking facilities. The new bill designates CISA as the lead federal agency in responding to cyber incidents and aims to minimize security and economic damage.
Republican legislators, including co-sponsor Sen. Rob Portman (R-OH) noted the urgency of the bill precisely in the light of U.S. support of Ukraine, criticizing the omission of U.S. cybersecurity in President Biden’s State of the Union address given on the same day.
The bipartisan Strengthening American Cybersecurity Act is urgently needed in the face of potential cyberattacks sponsored by Russia in retaliation for our just support of #Ukraine. I was disappointed @POTUS failed to mention U.S. cybersecurity during the #SOTU last night.
— Rob Portman (@senrobportman) March 3, 2022
The House displayed relatively high support for similar provisions within the NDAA in 2021 and is expected to do the same with the Strengthening American Cybersecurity Act, which it received on March 2.
