11.06.21

After Passing House, Peters Provisions to Strengthen Cybersecurity in Bipartisan Infrastructure Bill Head to President to Be Signed into Law

Provisions Would Bolster State and Local Cyber Defenses, Improve Federal Response to Online Attacks, and Protect Critical Infrastructure Networks

WASHINGTON, D.C. – Provisions secured by U.S. Senator Gary Peters (D-MI), Chairman of the Homeland Security and Governmental Affairs Committee, to bolster our nation’s cyber defenses have passed the House as a part of a bipartisan bill that would significantly upgrade our nation’s infrastructure. The legislation passed the Senate in August and now heads to President Biden’s desk to be signed into law. The provisions Peters secured would provide $1 billion to help state, local, tribal, and territorial governments deter attacks from malicious cyber actors and modernize systems to protect sensitive data, information, and public critical infrastructure, as well as $100 million to increase our government’s ability to quickly respond to major network intrusions. Peters also helped to include funding for the newly created office of the National Cyber Director (NCD) with $21 million to secure qualified personnel to support its important cybersecurity mission. An additional provision secured by Peters would help protect our nation’s public water information technology systems.

“Recent cyber-attacks have hit everything from government offices to critical infrastructure companies. These assaults show that adversaries and criminal organizations will continue exploiting our network vulnerabilities to disrupt American lives,” said Senator Peters. “Now that these provisions have passed both chambers as a part of the bipartisan infrastructure bill – I urge the President to sign them into law as soon as possible so we can strengthen cybersecurity in local communities across the nation, safeguard Americans’ personal information, and provide our national security agencies with more resources to deter attacks and help public and private entities, such as critical infrastructure companies, recover from them.”

State and local governments increasingly find themselves targeted by high-profile cyber-attacks, costing taxpayers millions of dollars and threatening the data privacy of millions of Americans. A cyber-attack that hit the city of Tulsa in May allowed hackers to access Social Security numbers and impacted the city’s computer system for months. In 2019, the Board of Commissioners from Genesee County, Michigan reported similar attacks on their network, after hackers locked their system and demanded payment for its release. As a part of the bipartisan infrastructure package, Peters secured $1 billion over four years for a fund, managed by the Department of Homeland Security (DHS), to support efforts by state, local, Tribal, and territorial governments to address their cybersecurity needs by securing their networks, assessing their cybersecurity vulnerabilities, and building up their cybersecurity workforce.

An additional provision secured by Peters, based on his Cyber Response and Recovery Act, would create an authority for the Secretary of Homeland Security, in consultation with the NCD, to declare a Significant Incident in the event of an ongoing or imminent attack that would impact national security, economic security, or government operations. This declaration would empower the Cybersecurity and Infrastructure Security Agency (CISA) to coordinate federal and non-federal response efforts, and allow the Secretary access to a Cyber Response and Recovery Fund that would help support federal and non-federal entities impacted by the event. The provision would authorize $100 million over five years for the fund and would require DHS to report to Congress on its use. Recent cyber-attacks against critical infrastructure companies, such as the network breach of a major oil pipeline, highlighted the urgent need to secure, and if necessary support recovery efforts for, these systems when they experience major breaches.

Peters also helped to include $21 million for the newly created Office of the NCD to quickly secure qualified personnel to support its important cybersecurity mission. The NCD is a brand new position tasked with coordinating the implementation of national cybersecurity policy and strategy. Peters led the charge to create the NCD position and confirm its first leader, Chris Inglis.

Finally, Peters secured a provision that would require the Environmental Protection Agency (EPA) and CISA to identify public water systems that, if degraded or rendered inoperable due to a cyber-attack, would lead to significant impacts on the health and safety of the public. The provision also directs the EPA Administrator to work with the CISA Director to develop a Technical Cybersecurity Support Plan to ensure both agencies are prioritizing their resources to offer cybersecurity support to water systems across the country. This plan would establish timelines for making specific services, such as penetration testing, site vulnerability assessments, and risk assessments, available to local governments. The provision would help prevent cyber-attacks against public water systems, such as the breach of a Florida wastewater treatment plant's computer system last year that allowed hackers to temporarily tamper with Americans’ water supply.

As Chairman of the Homeland Security and Governmental Affairs Committee, Peters has led efforts to increase our nation’s cybersecurity defenses. His bill to enhance cybersecurity assistance to K-12 educational institutions across the country was recently signed into law. Peters’ bipartisan bills to bolster federal cybersecurity and require critical infrastructure owners and operators to report to CISA if they experience a cyber-attack, and other organizations, including nonprofits, many businesses, and state and local governments, to notify the federal government if they make a ransom payment, recently advanced in the Senate. Peters is also conducting an investigation into the role cryptocurrencies continue to play in emboldening and incentivizing cybercriminals to commit ransomware attacks.

###