Sens. Rob Portman, R-Ohio, and Gary Peters, D-Mich., introduced the Cyber Response and Recovery Act, which would authorize $20 million of spending to support Federal and non-Federal entities impacted by major cyber events, according to an April 23 press release.
In addition to the recovery fund, the bill would also authorize the Secretary of Homeland Security to declare a “Significant Cyber Incident” after a breach of public and private networks.
“The multiple recent cyberattacks from sophisticated malicious actors against U.S. government clearly demonstrate our vulnerability to attack,” Sen. Portman said in the release. “These cyberattacks will continue, and we must ensure that we have the capacity to respond when they do. This bipartisan bill will provide emergency resources when impacted organizations are overwhelmed and unable to respond to a debilitating attack.”
The cyber response fund would be established for the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA) to use to help entities respond to a major cyber event.
The DHS secretary would have to consult the National Cyber Director to declare the cyber incident “significant,” and such a declaration could be triggered in the event of a cyberattack that threatens national security, government operations, or the government itself. The bill would also put CISA in charge of coordinating the Federal and non-Federal response to any significant cyber event.
“Extensive breaches and attacks of public and private networks in just the last few months have compromised our national security and shown our nation is not adequately prepared to tackle evolving cyber threats,” Sen. Peters said in the same release. “As these challenges continue to grow, our national security apparatus needs more tools and resources to improve our response to these threats and defend against cyber-attacks from our foreign adversaries.”
Recent cyberattacks have led to public-private unified coordination groups to respond, but this bill would lay the framework for how the government responds to future adversarial attacks. Sens. Peters and Portman introduced a bill that would mandate timely reporting of cyberattacks in the last Congress, but it did not advance before the end of the session.