Senate lawmakers try again on cyber incident reporting legislation
Martin Matishak February 8, 2022

Senate lawmakers try again on cyber incident reporting legislation

Martin Matishak

February 8, 2022

Senate lawmakers try again on cyber incident reporting legislation

The leaders of the Senate Homeland Security Committee on Tuesday introduced a legislative package meant to boost U.S. cybersecurity, warning a possible Russian invasion of Ukraine could result in cyberattacks against the U.S. by Moscow or its proxies.

The proposed legislation, dubbed the Strengthening American Cybersecurity Act, combines three bills Senate Homeland Chair Gary Peters (D-Mich.) and ranking member Rob Portman (R-Ohio) advanced out of their committee, including a measure that would require critical infrastructure firms to notify the Homeland Security Department when they are breached — legislation that was stripped from last year’s annual defense policy bill.

The cyber incident reporting bill would mandate that critical infrastructure operations alert DHS within 72 hours of a breach and 24 hours if the organization made a ransomware payment.

The package also includes bills to update the Federal Information Security Modernization Act for the first time since 2014 — the House Oversight Committee approved a similar measure last month — and revamp the government’s cloud security benchmarks.

The push comes as the Biden administration remains on edge that the Kremlin could launch cyberattacks to coincide with any further incursion into Ukraine by Russia, which has amassed around 110,000 troops along Ukraine’s borders. 

Anne Neuberger, deputy national security adviser for cyber and emerging technology, traveled to Europe last week to meet with allies and discuss ways to bolster Ukraine’s digital defenses in the event of a Russian digital assault.

The ongoing tensions have lawmakers anxious to shore up systems and networks at home.

“It is clear that, as our nation continues to counter cyber threats and support Ukraine, we need to pass this legislation to provide additional tools to address possible cyber-attacks from adversaries, including the Russian government,” Peters said in a statement, adding the combined bill would “significantly bolster and modernize federal cybersecurity as new, serious software vulnerabilities continue to be discovered, such as the one in log4j.”

Portman, who also co-chairs the Senate Ukraine Caucus, said the bipartisan package would provide National Cyber Director Chris Inglis, the Cybersecurity and Infrastructure Security Agency (CISA) and other “appropriate agencies broad visibility into the cyberattacks taking place across our nation on a daily basis to enable a whole-of-government response, mitigation, and warning to critical infrastructure and others of ongoing and imminent attacks.”

Martin is a senior cybersecurity reporter for The Record. He spent the last five years at Politico, where he covered Congress, the Pentagon and the U.S. intelligence community and was a driving force behind the publication's cybersecurity newsletter.