Cyber Response Bill Advances in Senate
The legislation includes a fund to help impacted organizations pay for remediation efforts.
Bipartisan legislation that would provide additional resources for responding to cyberattacks that put Americans’ safety at risk advanced unanimously out of the Senate Homeland Security and Governmental Affairs Committee and now awaits a full Senate vote.
The Cyber Response and Recovery Act, introduced in April by Sens. Gary Peters, D-Mich., and Rob Portman, R-Ohio, would kick-start the government’s ability to respond to cyber events at federal or nonfederal organizations, including the ransomware attack that shut down the privately operated Colonial Pipeline.
Key provisions in the legislation would allow the Homeland Security secretary to declare a significant incident and tap a Cyber Response and Recovery Fund—equipped with $20 million—to help pay for response and remediation efforts. The Homeland Security Department’s Cybersecurity and Infrastructure Security Agency would coordinate efforts. At a hearing on the SolarWinds hack Tuesday, Peters and Portman argued the bill would have provided a vital boost to the government’s response to both SolarWinds and Colonial Pipeline attacks.
“That is why it is essential we work to keep our nation’s critical infrastructure safe from cyber-attacks and enable our national security apparatus to better coordinate response and recovery efforts for breaches. I am pleased my bipartisan bill has advanced in the Senate and will continue my efforts to strengthen our cyber defenses,” Peters said.
The legislation has not yet been introduced in the House.
“Our nation is increasingly vulnerable to cyberattacks every day, as the Colonial Pipeline ransomware attack showed. Cyberattacks are getting worse and more frequent while the government and critical infrastructure are more dependent on information technology,” Portman said. “Our legislation passed by the Homeland Security and Governmental Affairs Committee will provide an important emergency resource when major cyberattacks occur and overwhelm the organizations attacked.”