The Senate Homeland Security and Governmental Affairs Committee on Wednesday approved a slew of bipartisan bills aimed at bolstering the nation’s cybersecurity posture, prohibiting federal purchases of drones from certain countries, and safeguarding U.S. innovation and privacy protections related to the procurement of systems enabled by artificial intelligence.
The Cyber Response and Recovery Act (S. 1316), which advanced on a voice vote, would authorize a $20 million fund and enable the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) to help government and private sector entities respond to significant incidents impacting critical infrastructure.
The bill, which is co-sponsored by Sens. Gary Peters (D-Mich.), the committee chairman, and Rob Portman (R-Ohio), the ranking member, has the support of DHS. Brandon Wales, the acting director of CISA, told the committee on Tuesday that a Cyber Response and Recover Fund would allow his agency to surge capacity and resources in response to cyber incident affecting public and private sector entities, particularly those that lack the resources to fend for themselves.
The support CISA would provide includes vulnerability assessments and mitigation, malware analysis, analytic support, network protections, and threat detection and hunting.
A declaration of a significant incident would be made by the DHS secretary in consultation with the White House National Cyber Director, according to the bill.
The Biden administration previously said it plans to request $20 million for the fund in fiscal year 2022.
“The most recent attack against a major U.S. pipeline, which has real-world consequences on the lives of millions, shows that whether it is criminal organizations or foreign governments, bad actors will always look to exploit cybersecurity vulnerabilities to cause disruptions to American life,” Peter said in a statement. “This is why it is essential we work to keep our nation’s critical infrastructure safe from cyber-attacks and enable our national security apparatus to better coordinate response and recovery efforts for breaches.”
The fund would also be available for grants or cooperative agreements with public and private entities for replacing, hardening or enhancing hardware and software, and technical support personnel.
The committee also approved the American Security Drone Act of 2021 (S. 73) that would prohibit federal departments and agencies from purchasing and operating unmanned aircraft systems provided by “covered foreign entities.” The bill is largely aimed at Chinese-made drones out of concern the information gathered during operation of the UAS could be obtained by China’s Communist Party.
The drone bill, introduced by Sen. Rick Scott (R-Fla.), would exempt the Departments of Defense, Homeland Security and Justice, and Federal Aviation Administration, National Transportation Safety Board and National Oceanic and Atmospheric Administration for certain testing and training aspects of drones purchased from covered entities.
The bill also requires an independent study by a federally funded research and development center within three years of enactment to examine the current and future global and domestic markets for UAS, the ability of the domestic market to keep pace with industry innovations, and the ability of domestic market to provide UAS that meet national security network security and data protection requirements.
The committee also approved the Federal Rotational Cyber Workforce Program Act (S. 1097) that directs federal agencies to designate cyber workforce positions to enable personnel in these jobs to rotate between agencies for up to a year, essentially broadening and enhancing the cybersecurity experiences and capabilities of personnel and departments.
Another bill, the Civilian Cyber Security Reserve Act (S. 1324), sponsored by Sen. Jacky Rosen (D-Nev.) was pulled from consideration and is expected to be marked up in June. Rosen’s bill would allow DHS and DoD to establish pilot projects for civilian cybersecurity reserves in the same way the military departments maintain reserve forces for part-time work and call-ups.
A bill to ban the Chinese social media app TikTok from government devices was also approved by the panel. Sen. Josh Hawley (R-Mo.), who introduced the No TikTok on Government Devices Act (S. 1143), said in a statement that “Banning TikTok from government devices is a good first step towards taking Chinese espionage seriously.”