During the first six months into the Biden-Harris Administration, the series of alarming cybersecurity incidents have prompted U.S. Congress to introduce new cybersecurity bills that aim to increase cybersecurity funding, improve breach reporting, investigate cryptocurrencies, and more.
In the last two months, we have seen lawmakers introduce at least 18 additional bills to expand the United States’ cybersecurity infrastructure, beginning with the House Committee on Energy and Commerce voting to advance six bills that primarily deal with digital security and two other bills that contain significant cybersecurity provisions.
Let’s explore the current legislation before U.S. Congress:
The Cyber Incident Notification Act of 2021
Introduced earlier this month, the Cyber Incident Notification Act of 2021 would “require federal government agencies, federal contractors, and critical infrastructure operators to notify the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) when a breach is detected so that the U.S. government can mobilize to protect critical industries across the country.”
The bill is sponsored by Senator Mark R. Warner (D-VA), chairman of the Senate Select Committee on Intelligence, in addition to Senator Marco Rubio (R-FL), vice chairman of the Committee, and Senator Susan Collins (R-ME), a senior member of the Committee.
This bill directly speaks to the lack of and/or reporting deficiencies associated with consistent incidents – currently, no consistent data breach reporting mandates exist outside of certain critical infrastructure sectors. It also incentivizes reporting organizations to come forward, providing legal immunity.
“We shouldn’t be relying on voluntary reporting to protect our critical infrastructure,” Warner said in announcing the cyber incident bill. “We need a routine federal standard so that when vital sectors of our economy are affected by a breach, the full resources of the federal government can be mobilized to respond to and stave off its impact.”
2022 Defense Authorization Bill
Also this month, the Senate Armed Services Committee passed its version of the 2022 Defense Authorization Bill, which calls for an increased cybersecurity budget and requirements for the defense sector. Specifically, the bill asks for $268.4 million more for the Defense Department’s cybersecurity budget.
In assessing what the DOD would need to defend itself against cyberattacks, the bill also asks the DOD to conduct a pilot study to examine the “viability of teaming with ‘internet ecosystem companies to discover and disrupt the use of their platforms, systems, services, and infrastructure by malicious cyber actors.’”
This bill comes as a follow-up to the 2022 Homeland Security funding bill released at the end of June by the House Appropriations Committee, calling for a 16%, or $397.4 million, increase in CISA’s budget above the fiscal year.
Other Pending Legislation:
In addition to Warner’s pending breach notification bill, lawmakers have introduced 15 additional cybersecurity bills since May.
Secure Equipment Act of 2021 (R. 3919)
Sponsored: Rep. Steve Scalise (R-LA).
This bill requires the Federal Communications Commission (FCC) to establish rules stating that it will no longer review or approve any authorization application for equipment on the covered communications equipment or services list.
“Communications equipment or services” are those that the FCC determines to pose an unacceptable risk to national security or the security and safety of U.S. persons.
Understanding Cybersecurity of Mobile Networks Act (R. 2685)
Sponsored: Rep. Anna G. Eshoo (D-CA).
The bill requires the National Telecommunications and Information Administration (NTIA) to examine and report on the cybersecurity of mobile service networks and the vulnerability of these networks and mobile devices to cyberattacks and surveillance conducted by adversaries.
Enhancing Grid Security Through Public-Private Partnerships Act (R. 2931)
Sponsored: Rep. Jerry McNerney (D-CA)
This bill hit the Senate floor on July 20, 2021.
This bill directs the Department of Energy (DOE) to implement a program to facilitate and encourage public-private partnerships to address and mitigate the physical security and cybersecurity risks of electric utilities.
Information and Communication Technology Strategy Act (R. 4028)
Sponsored: Rep. Billy Long (R-MO).
The bill requires the Secretary of Commerce to report on and develop a whole-of-government strategy concerning the information and communication technology supply chain’s economic competitiveness and other purposes.
NTIA Policy and Cybersecurity Coordination Act (R. 4046)
American Cybersecurity Literacy Act (R. 4055)
Sponsored: Rep. Adam Kinzinger (R-IL).
The assistant secretary for communications and information shall develop and conduct a cybersecurity literacy campaign to increase the knowledge and awareness of the American people of best practices to reduce cybersecurity risks.
Communications Security Advisory Act of 2021 (R. 4067)
Sponsored: Rep. Elissa Slotkin (D-MI).
The bill directs the Federal Communications Commission to establish a council to make recommendations on increasing the security, reliability, and interoperability of communications networks and for other purposes.
Cyber Sense Act (S. 2199)
Sponsored: Sen. Jacky Rosen (D-NV).
The bill requires the Secretary of Energy to establish a voluntary Cyber Sense program to test the cybersecurity of products and technologies intended for use in the bulk-power system and other purposes.
Civilian Cybersecurity Reserve Act (S. 1324)
Sponsored: Sen. Jacky Rosen (D-NV).
The bill establishes a Civilian Cyber Security Reserve as a pilot project to address the cybersecurity needs of the United States concerning national security and for other purposes.
International Cybercrime Prevention Act (S. 2139)
Sponsored: Sen. Sheldon Whitehouse (D-RI).
The bill amends title 18, United States Code, to prevent international cybercrime and for other purposes.
Supply Chain Security Training Act of 2021 (S. 2201)
Sponsored: Sen. Gary Peters (D-MI).
The bill manages supply chain risk through counterintelligence training and for other purposes.
Protect American Power Infrastructure Act (S. 2269)
Sponsored: Sen. Rick Scott (R-FL).
The bill aims to secure the bulk-power system in the United States
Federal Cybersecurity Workforce Expansion Act (S. 2274)
Sponsored: Sen. Maggie Hassan (D-NH).
The bill authorizes the Cybersecurity and Infrastructure Security Agency (CISA) Director to establish an apprenticeship program and establish a pilot program on cybersecurity training for veterans and members of the Armed Forces transitioning to civilian life and other purposes.
Study on Cyber-Attack Response Options Act (S.2292)
Sponsored: Sen. Steve Daines (R-MT).
The bill requires the Secretary of Homeland Security to study the potential consequences and benefits of amending 18 U.S.C. Section 1030 of the U.S. Criminal Code – specifically the Computer Fraud and Abuse Act (CFAA) – to allow private companies to take proportional actions in response to an unlawful network breach.
Cybersecurity Opportunity Act (S. 2305)
Sponsored: Sen. Jon Ossoff (D-GA).
The bill aims to enhance cybersecurity education through DHS grants.
Andrew Rossow is a Legal Contributor at Lawrina. He is a practicing attorney, adjunct law professor, writer, and speaker on cybersecurity, digital monies, and privacy. Utilizing his millennial upbringing, Rossow provides a well-rounded perspective on legal and technology implications Bitcoin brings to the world of consumer finance. HIs work has been featured on Bloomberg News, Cheddar, CoinTelegraph, Law360, and numerous others. You can follow him on Twitter at @RossowEsq or visit his website AR Media Consulting.