New cyber bill in the mix

Senate Homeland Security and Governmental Affairs Committee Chairman Gary Peters (D-Mich.) and ranking member Rob Portman (R-Ohio) introduced a bill Monday to overhaul and improve federal cybersecurity policies following multiple major cyberattacks.

The legislation is aimed at updating the Federal Information Security Modernization Act, signed into law in 2014, and takes steps to clarify reporting requirements for federal agencies if they are successfully targeted by hackers.

“Increasingly sophisticated cyber-attacks against our federal agencies by foreign adversaries – and criminal organizations they often harbor – highlight the urgent need to enhance federal cybersecurity,” Peters said in a statement Monday.

Reporting space: The bill clarifies the Cybersecurity and Infrastructure Security Agency’s (CISA) role in responding to cybersecurity incidents. Federal agencies would be required to report major attacks to both CISA and Congress, and the bill would ensure CISA is the lead organization in responding to these incidents.

It also requires the Office of Management and Budget to develop guidance to help federal agencies best use funds to shore up cybersecurity, and codifies part of the executive order President Biden signed in May aimed at improving federal cybersecurity.

Troubling early signs: Portman on Monday pointed to two reports put out by the committee since 2019 that found massive cybersecurity shortcomings at several federal agencies. These reports have raised even more concerns following the SolarWinds hack, discovered in December, which involved Russian government-linked hackers compromising at least nine federal agencies for much of 2020.

“These reports show that federal agencies are unprepared to meet the sophisticated, determined threat we face and have failed to address many vulnerabilities for nearly a decade, putting the sensitive data of all Americans at risk,” Portman said.