Back
Published on

U.S. Congress Addressing 18 New Cybersecurity Bills To Address Vulnerable Infrastructure

During the first six months into the Biden-Harris Administration, the series of alarming cybersecurity incidents have prompted U.S. Congress to introduce new cybersecurity bills that aim to increase cybersecurity funding, improve breach reporting, investigate cryptocurrencies, and more. 

In the last two months, we have seen lawmakers introduce at least 18 additional bills to expand the United States’ cybersecurity infrastructure, beginning with the House Committee on Energy and Commerce voting to advance six bills that primarily deal with digital security and two other bills that contain significant cybersecurity provisions.

Let’s explore the current legislation before U.S. Congress:

The Cyber Incident Notification Act of 2021

Introduced earlier this month, the Cyber Incident Notification Act of 2021 would “require federal government agencies, federal contractors, and critical infrastructure operators to notify the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) when a breach is detected so that the U.S. government can mobilize to protect critical industries across the country.”

The bill is sponsored by Senator Mark R. Warner (D-VA), chairman of the Senate Select Committee on Intelligence, in addition to Senator Marco Rubio (R-FL), vice chairman of the Committee, and Senator Susan Collins (R-ME), a senior member of the Committee. 

This bill directly speaks to the lack of and/or reporting deficiencies associated with consistent incidents – currently, no consistent data breach reporting mandates exist outside of certain critical infrastructure sectors. It also incentivizes reporting organizations to come forward, providing legal immunity. 

“We shouldn’t be relying on voluntary reporting to protect our critical infrastructure,” Warner said in announcing the cyber incident bill. “We need a routine federal standard so that when vital sectors of our economy are affected by a breach, the full resources of the federal government can be mobilized to respond to and stave off its impact.”

2022 Defense Authorization Bill

Also this month, the Senate Armed Services Committee passed its version of the 2022 Defense Authorization Bill, which calls for an increased cybersecurity budget and requirements for the defense sector. Specifically, the bill asks for $268.4 million more for the Defense Department’s cybersecurity budget. 

In assessing what the DOD would need to defend itself against cyberattacks, the bill also asks the DOD to conduct a pilot study to examine the “viability of teaming with ‘internet ecosystem companies to discover and disrupt the use of their platforms, systems, services, and infrastructure by malicious cyber actors.’”

This bill comes as a follow-up to the 2022 Homeland Security funding bill released at the end of June by the House Appropriations Committee, calling for a 16%, or $397.4 million, increase in CISA’s budget above the fiscal year. 

Other Pending Legislation:

In addition to Warner’s pending breach notification bill, lawmakers have introduced 15 additional cybersecurity bills since May. 

Secure Equipment Act of 2021 (R. 3919)

Sponsored: Rep. Steve Scalise (R-LA). 

This bill requires the Federal Communications Commission (FCC) to establish rules stating that it will no longer review or approve any authorization application for equipment on the covered communications equipment or services list.

“Communications equipment or services” are those that the FCC determines to pose an unacceptable risk to national security or the security and safety of U.S. persons.

Understanding Cybersecurity of Mobile Networks Act (R. 2685)

Sponsored: Rep. Anna G. Eshoo (D-CA). 

The bill requires the National Telecommunications and Information Administration (NTIA) to examine and report on the cybersecurity of mobile service networks and the vulnerability of these networks and mobile devices to cyberattacks and surveillance conducted by adversaries.

Enhancing Grid Security Through Public-Private Partnerships Act (R. 2931)

Sponsored: Rep. Jerry McNerney (D-CA)

This bill hit the Senate floor on July 20, 2021. 

This bill directs the Department of Energy (DOE) to implement a program to facilitate and encourage public-private partnerships to address and mitigate the physical security and cybersecurity risks of electric utilities. 

Information and Communication Technology Strategy Act (R. 4028)

Sponsored: Rep. Billy Long (R-MO). 

The bill requires the Secretary of Commerce to report on and develop a whole-of-government strategy concerning the information and communication technology supply chain’s economic competitiveness and other purposes.     

NTIA Policy and Cybersecurity Coordination Act (R. 4046)

American Cybersecurity Literacy Act (R. 4055)

Sponsored: Rep. Adam Kinzinger (R-IL). 

The assistant secretary for communications and information shall develop and conduct a cybersecurity literacy campaign to increase the knowledge and awareness of the American people of best practices to reduce cybersecurity risks.

Communications Security Advisory Act of 2021 (R. 4067)

Sponsored: Rep. Elissa Slotkin (D-MI). 

The bill directs the Federal Communications Commission to establish a council to make recommendations on increasing the security, reliability, and interoperability of communications networks and for other purposes.

Cyber Sense Act (S. 2199)

Sponsored: Sen. Jacky Rosen (D-NV). 

The bill requires the Secretary of Energy to establish a voluntary Cyber Sense program to test the cybersecurity of products and technologies intended for use in the bulk-power system and other purposes.

Civilian Cybersecurity Reserve Act (S. 1324)

Sponsored: Sen. Jacky Rosen (D-NV). 

The bill establishes a Civilian Cyber Security Reserve as a pilot project to address the cybersecurity needs of the United States concerning national security and for other purposes.

International Cybercrime Prevention Act (S. 2139)

Sponsored: Sen. Sheldon Whitehouse (D-RI). 

The bill amends title 18, United States Code, to prevent international cybercrime and for other purposes.

Supply Chain Security Training Act of 2021 (S. 2201)

Sponsored: Sen. Gary Peters (D-MI). 

The bill manages supply chain risk through counterintelligence training and for other purposes.

Protect American Power Infrastructure Act (S. 2269)

Sponsored: Sen. Rick Scott (R-FL). 

The bill aims to secure the bulk-power system in the United States

Federal Cybersecurity Workforce Expansion Act (S. 2274)

Sponsored: Sen. Maggie Hassan (D-NH). 

The bill authorizes the Cybersecurity and Infrastructure Security Agency (CISA) Director to establish an apprenticeship program and establish a pilot program on cybersecurity training for veterans and members of the Armed Forces transitioning to civilian life and other purposes.

Study on Cyber-Attack Response Options Act (S.2292)

Sponsored: Sen. Steve Daines (R-MT). 

The bill requires the Secretary of Homeland Security to study the potential consequences and benefits of amending 18 U.S.C. Section 1030 of the U.S. Criminal Code – specifically the Computer Fraud and Abuse Act (CFAA) – to allow private companies to take proportional actions in response to an unlawful network breach. 

Lawrina
Also read:Networking for Lawyers: How Being a Part of the Community Helps Your Career?

It is now more important than ever for lawyers to develop their connections. Networking could help you both develop as a professional...

Cybersecurity Opportunity Act (S. 2305)

Sponsored: Sen. Jon Ossoff (D-GA).

The bill aims to enhance cybersecurity education through DHS grants.

Article by Andrew Rossow

Andrew Rossow is a Legal Contributor at Lawrina. He is a practicing attorney, adjunct law professor, writer, and speaker on cybersecurity, digital monies, and privacy. Utilizing his millennial upbringing, Rossow provides a well-rounded perspective on legal and technology implications Bitcoin brings to the world of consumer finance. His work has been featured on Bloomberg News, Cheddar, CoinTelegraph, Law360, and numerous others. You can follow him on Twitter at @RossowEsq or visit his website AR Media Consulting.

Related Articles
Electronic Records Policy in 2023: Why Do Lawyers Need It?
Why Microsoft Launched the First APAC Cybersecurity Executive Council and What It Means
Welcome to Cybersecurity for In-House Lawyers
Hacked: How To Identify Who You're Up Against
Thank You! Welcome on board
We use cookies to improve our website's work and deliver better services.
Our use of cookies
Upgrade the manual re-reading of agreements with Loio's AI-driven Highlights. Be in full control over every editing decision, but have the power of machine learning analysis by your hand. Turn on the Highlights tool whenever you need an extra check of your document's most essential details.
Analytics
These cookies collect information that is used to help Us understand how Our Site are being used or how effective Our marketing campaigns are, or to help Us customize Our Site for You. We use Google Analytics to recognize You and link the devices You use when You visit Our Site or Service on Your browser or mobile device, login to Your User Account on Our Site, or otherwise engage with Us.
Hotjar Google Analytics
Communication services
These cookies collect information that is used to help Us to facilitate the interaction with You on Our Site. We also use those cookies to improve customer service by maintaining contact with visitors of Our Site through Intercom chat.
Hotjar
Ad Services
We and Our third-party partners may also use cookies and tracking technologies for advertising purposes. These third-party services collect information about Your use of Our Site over time so that they may play or display ads on devices You may use, and on other websites, apps, or services.
Facebook Twitter LinkedIn Google Ads Taboola
Thank you for your subscription The newsletter will be sent to your mailbox. Ok, Close