The Senate has approved a legislative package that would direct critical infrastructure operators and owners and federal civilian agencies to report major cyberattacks and ransomware payments to the Cybersecurity and Infrastructure Security Agency.
The proposed Strengthening American Cybersecurity Act, which is now headed to the House, would authorize the Federal Risk and Authorization Management Program for five years to help facilitate the secure adoption of cloud-based platforms by federal agencies, the Senate Homeland Security and Governmental Affairs Committee said Wednesday.
Sens. Gary Peters, D-Mich., and Rob Portman, R-Ohio, authored the legislative package, which includes language from three bills: Federal Information Security Modernization Act of 2021, Federal Secure Cloud Improvement and Jobs Act and the Cyber Incident Reporting Act.
“As our nation continues to support Ukraine, we must ready ourselves for retaliatory cyber-attacks from the Russian government. … This landmark legislation, which has now passed the Senate, is a significant step forward to ensuring the United States can fight back against cybercriminals and foreign adversaries who launch these persistent attacks,” said Peters.
The measure would also update federal cybersecurity laws to require agencies to implement a risk-based approach to cybersecurity and facilitate coordination between agencies.