Last week, Senators introduced a new legislative package that combines aspects of the Cyber Incident Reporting Act, the Federal Information Security Modernization Act of 2021 and the Federal Secure Cloud Improvement and Jobs Act into a more comprehensive, robust and up-to-date bill that is expected to be more likely to pass into law than any of the individual acts from which it borrows.
The new Strengthening American Cybersecurity Act was introduced by Sens. Rob Portman, R-Ohio, and Gary Peters, D-Mich., who serve as chairman and ranking member, respectively, of the Senate Committee on Homeland Security and Governmental Affairs.
If passed, the package will enact the following cybersecurity measures for public and private sector organizations:
- Cloud Adoption – The Federal Risk and Authorization Management Program would be authorized for five years to accelerate federal agencies’ adoption of cloud technologies that could fortify their critical systems against cyberattacks.
- Incident Reporting Mandates – The Cybersecurity and Infrastructure Security Agency would have increased authority over incident reporting and response efforts. Federal agencies, as well as owners and operators of critical infrastructure entities, would be required to report substantial cyberattacks to CISA within 72 hours and ransomware payments within 24 hours.
- FISMA Update – The legislation would update the Federal Information Security Modernization Act, which was first passed in 2002 and has not been updated since 2014.
The proposed legislation is the most recent effort in a years-long push by lawmakers to strengthen cybersecurity defenses, mandate incident reporting and deliver much-needed updates to FISMA.
On Feb. 2, the House Committee on Oversight and Reform passed the newest version of FISMA 2022, which clarifies the roles of federal agencies for more efficient cyber incident response, improves the detection and reporting of cyberattacks and accelerates cybersecurity modernization. However, the bill still faces further consideration before passing into law, and multiple previous attempts to update FISMA have been unsuccessful.
Rep. Carolyn Maloney, D-N.Y., who serves as chairwoman for the committee, said in a statement after the favorable vote, “Cyberattacks are now a tool of choice for America’s geopolitical adversaries like Russia and China.”
She added, “After an onslaught of high-profile cyberattacks that threatened and compromised the networks of our federal agencies, it’s imperative that we reform our federal cybersecurity practices with the most advanced protections possible.”
The urgent need for cybersecurity reform is underscored by the major cyberattacks to which Rep. Maloney referred – including the 2020 SolarWinds breach, the Colonial Pipeline ransomware attack in May 2021 and most recently, the Log4j vulnerability – and is further emphasized through CISA’s recent Shields Up warning.
On Friday, CISA urged both public and private sector agencies and organizations to shore up their cyber defenses in anticipation of potential cyberattacks related to the imminent Russian invasion of Ukraine.
Leaders from CISA, the Department of Homeland Security, Leidos and Parsons will be speaking at the Information Security and Innovation Forum hosted by GovCon Wire Events on Feb. 23.
The virtual forum will feature an insightful keynote address from Robert Costello, chief information officer for CISA, an expert panel discussion and the opportunity for audience members to submit questions for exclusive Q&A sessions with these distinguished speakers.