11.15.21

Peters Provisions to Strengthen Cybersecurity Signed Into Law as Part of Bipartisan Infrastructure Bill

Provisions Would Bolster State and Local Cyber Defenses and Improve Federal Response to Major Breaches

WASHINGTON, D.C. – Provisions secured by U.S. Senator Gary Peters (D-MI), Chairman of the Homeland Security and Governmental Affairs Committee, to bolster our nation’s cybersecurity defenses have been signed into law as a part of the bipartisan infrastructure bill. The provisions Peters secured provide $1 billion to help state, local, tribal, and territorial governments deter attacks from malicious cyber actors and modernize systems to protect sensitive data, information, and public critical infrastructure as well as $100 million to help victims of a serious attack recover quickly. Another provision Peters worked to include provides the newly created office of the National Cyber Director (NCD) with $21 million to secure qualified personnel to support its important cybersecurity mission. An additional provision secured by Peters would help protect our nation’s public water information technology systems from attacks.

“Increasingly sophisticated cyber-attacks have a significant cost on the American people and our national security. We need an all of government response to tackle this threat and the provisions I secured in this important bipartisan bill will help seal up network vulnerabilities in critical infrastructure companies and at all levels of government,” said Senator Peters. “They will also help protect Americans’ sensitive personal information, strengthen our response to online assaults in real time, and improve coordination across government to address this evolving threat. As Chairman of the Homeland Security and Governmental Affairs Committee, I’ll continue leading efforts to strengthen cybersecurity and hold foreign adversaries and criminal organizations accountable for targeting our networks.”

State and local governments increasingly find themselves targeted by high-profile cyber-attacks, costing taxpayers millions of dollars and threatening the data privacy of millions of Americans. A cyber-attack that hit the city of Tulsa in May allowed hackers to access Social Security numbers and impacted the city’s computer system for months. In 2019, the Board of Commissioners from Genesee County, Michigan reported similar attacks on their network, after hackers locked their system and demanded payment for its release. As a part of the bipartisan infrastructure package, Peters secured $1 billion over four years for a fund, managed by the Department of Homeland Security (DHS), to support efforts by state, local, Tribal, and territorial government to improve cybersecurity needs by securing their networks, assessing their cybersecurity vulnerabilities, and building up their cybersecurity workforce.

An additional provision secured by Peters, based on his Cyber Response and Recovery Actwould create an authority for the Secretary of Homeland Security, in consultation with the NCD, to declare a Significant Incident in the event of an ongoing or imminent attack that would impact national security, economic security, or government operations. This declaration would empower the Cybersecurity and Infrastructure Security Agency (CISA) to coordinate federal and non-federal response efforts, and allow the Secretary access to a Cyber Response and Recovery Fund that would help support federal and non-federal entities impacted by the event. The provision would authorize $100 million over five years for the fund and would require DHS to report to Congress on its use. Recent cyber-attacks against critical infrastructure companies, such as the network breach of a major oil pipeline, highlighted the urgent need to secure, and if necessary support recovery efforts for, these systems when they experience major breaches.

Peters also helped to include $21 million for the newly created Office of the NCD to quickly secure qualified personnel to support its important cybersecurity mission. The NCD is a brand new position tasked with coordinating the implementation of national cybersecurity policy and strategy. Peters led the charge to create the NCD position and confirm its first leader, Chris Inglis.

Finally, Peters secured a provision that would require the Environmental Protection Agency (EPA) and CISA to identify public water systems that, if degraded or rendered inoperable due to a cyber-attack, would lead to significant impacts on the health and safety of the public. The provision also directs the EPA Administrator to work with the CISA Director to develop a Technical Cybersecurity Support Plan to ensure both agencies are prioritizing their resources to offer cybersecurity support to water systems across the country. This plan would establish timelines for making specific services, such as penetration testing, site vulnerability assessments, and risk assessments, available to local governments. The provision would help prevent cyber-attacks against public water systems, such the breach of a Florida wastewater treatment plant's computer system last year that allowed hackers to temporarily tamper with Americans’ water supply.

As Chairman of the Homeland Security and Governmental Affairs Committee, Peters has led efforts to increase our nation’s cybersecurity defenses. His bill to enhance cybersecurity assistance to K-12 educational institutions across the country was recently signed into law. Peters recently introduced a bipartisan amendment to the annual defense bill based on his legislation to bolster federal cybersecurity and require critical infrastructure owners and operators to report to CISA if they experience a cyber-attack, and other organizations to notify the federal government if they make a ransom payment. Peters is also conducting an investigation into the role cryptocurrencies continue to play in emboldening and incentivizing cybercriminals to commit ransomware attacks.

###