03.02.22

Senate Passes Peters Landmark Legislative Package to Strengthen Public and Private Sector Cybersecurity

Package Includes His Bipartisan Bills to Protect Critical Infrastructure and Federal Networks, and Ensure Government Can Safely Adopt Cloud Technology

WASHINGTON, D.C. – The Senate has passed a landmark legislative package authored by U.S. Senator Gary Peters (MI), Chairman Homeland Security and Governmental Affairs Committee, to significantly enhance our nation’s ability to combat ongoing cybersecurity threats against our critical infrastructure and the federal government. The legislation is urgently needed in the face of potential cyber-attacks sponsored by the Russian government in retaliation for U.S. support in Ukraine. The legislation combines language from three bills Peters authored and advanced out of his committee –  the Cyber Incident Reporting Act, the Federal Information Security Modernization Act of 2021, and the Federal Secure Cloud Improvement and Jobs Act. The combined bill, known as the Strengthening American Cybersecurity Act, would require critical infrastructure owners and operators and civilian federal agencies to report to the Cybersecurity and Infrastructure Security Agency (CISA) if they experience a substantial cyber-attack. It would also require critical infrastructure owners and operators to report ransomware payments to CISA, modernize the government’s cybersecurity posture, and authorize the Federal Risk and Authorization Management Program (FedRAMP) to ensure federal agencies can quickly and securely adopt cloud-based technologies that improve government operations and efficiency. The legislation now moves to the House of Representatives.

“As our nation continues to support Ukraine, we must ready ourselves for retaliatory cyber-attacks from the Russian government. As we have seen repeatedly, these online attacks can significantly disrupt our economy – including by driving up the price of gasoline and threating our most essential supply chains – as well as the safety and security of our communities. This landmark legislation, which has now passed the Senate, is a significant step forward to ensuring the United States can fight back against cybercriminals and foreign adversaries who launch these persistent attacks,” said Senator Peters. “Our landmark, bipartisan bill will ensure CISA is the lead government agency responsible for helping critical infrastructure operators and civilian federal agencies respond to and recover from major network breaches and mitigate operational impacts from hacks. I will continue urging my colleagues in the House to pass this urgently needed legislation to improve public and private cybersecurity as new vulnerabilities are discovered, and ensure that the federal government can safety and securely utilize cloud-based technology to save taxpayer dollars.”

Last year, hackers breached the network of a major oil pipeline forcing the company to shut down over 5,500 miles of pipeline – leading to increased prices and gas shortages for communities across the East Coast. Last summer, the country’s largest beef supplier was hit by a cyber-attack, prompting shutdowns at company plants and threatening meat supplies all across the nation. As these kinds of attacks continue to rise, Peters’ legislation would help ensure critical infrastructure entities such as banks, electric grids, water networks, and transportation systems are able to quickly recover and provide essential services to the American people in the event of network breaches.

The Strengthening American Cybersecurity Act would require critical infrastructure owners and operators to report to CISA within 72 hours if they are experiencing a substantial cyber-attack, and within 24 hours if they make a ransomware payment. Additionally, the package would update current federal government cybersecurity laws to improve coordination between federal agencies, require the government to take a risk-based approach to cybersecurity, as well as require all civilian agencies to report all cyber-attacks to CISA, and update the threshold for agencies to report cyber incidents to Congress. It also provides additional authorities to CISA to ensure they are the lead federal agency in charge of responding to cybersecurity incidents on federal civilian networks. Finally, the package would authorize FedRAMP for five years to ensure federal agencies are able to quickly and securely adopt cloud-based technologies that improve government efficiency and save taxpayer dollars.

As Chairman of the Homeland Security and Governmental Affairs Committee, Peters has led efforts to increase our nation’s cybersecurity defenses. Peters’ bill to enhance cybersecurity assistance to K-12 educational institutions across the country was recently signed into law. His provision to provide staffing for the National Cyber Director office to improve cybersecurity policy was signed into law as a part of the annual defense bill. The senator secured several provisions in the bipartisan infrastructure law to bolster cybersecurity – including $100 million fund to help victims of a serious attack recover quickly.

Click here to view text of Peters’ bipartisan cybersecurity legislation that passed the Senate. 

###