The top Democrat and Republican on the Senate Homeland Security Committee are considering introducing and marking up new cybersecurity legislation soon and want the White House and federal agencies to quickly weigh in on several questions regarding new powers the government needs and ongoing efforts by federal agencies to contend with ransomware attacks.
“The federal government needs to do more to support partners in the public and private sectors as they work to secure their systems against ransomware attackers and punish the bad actors that perpetrate these crimes to deter future attacks,” Sens. Gary Peters (D-Mich.) and Rob Portman (R-Ohio), the chairman and ranking member respectively of the Homeland Security and Governmental Affairs Committee, wrote in a June 10 letter to acting Office of Management and Budget Director Shalanda Young and National Security Advisor Jake Sullivan.
The two senators also say that the private sector must do its part.
“We must also encourage critical infrastructure companies to assess their own risk and mitigate this threat,” they wrote in the letter, which was released by the committee last Friday. “Otherwise, our national security, economic security, and the stability of daily life in this country will continue to be in jeopardy. The only way that we as a nation can fight this persistent and growing threat is through action.”
Peters and Portman seek answers to three questions. First is they want “Information on strategies that relevant federal agencies are developing and implementing to combat ransomware attacks.” Second, the senators want to know what new authorities or modifications to existing authorities are needed to “further empower relevant federal agencies to combat ransomware attacks and respond when they do occur.” Finally, they will take any “suggestions” as Congress considers legislation and oversight related to ransomware attacks.
The committee on June 8 held a hearing on the recent Colonial Pipeline ransomware attack and June 10 held confirmation hearings for two key Biden administration cybersecurity nominees. At the second hearing, Sen. Josh Hawley (R-Mo.) asked the nominees whether the government should mandate cybersecurity standards for critical infrastructure entities in the private sector.
Both Chris Inglis, President Joe Biden’s pick to be the first National Cyber Director, and Jen Easterly, the choice to lead the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, told Hawley that current policies that rely on companies to secure their networks voluntarily aren’t working.
Last week, the Senate passed legislation that included a provision authored by Peters and Portman that would authorize a $20 million cyber response and recovery fund over seven years for DHS to help federal and private sector entities impacted by a significant cyber incident.
The provision for the cyber response fund was part of the U.S. Competition and Innovation Act, which now goes to the House for consideration.
Peters and Portman said in their June 10 letter that they are considering introducing and marking up their new legislation before the Senate goes on recess in August.