The U.S. House of Representatives has recently passed multiple bills to support cybersecurity requirements for state and local governments as of July 2021. This legislation would also strengthen defenses of critical infrastructure and improve remediation measures for security measures.
Analysts expect these bills to have far-reaching effects in the way managed detection and response (MDR), managed service providers (MSPs) and managed security service providers (MSSPs) address security engagements.
State and Local Cybersecurity Improvement Act
The State and Local Cybersecurity Improvement Act was introduced in late 2020, has so far failed to receive a vote in the Senate. The goal of this bill is to assist low-level government agencies in protecting themselves against cyber attacks. The House approved a $400 million grant program in the version of this bill that it passed in 2020, but the latest version increases this figure to $500. The sponsor of this bill is Rep. Yvette Clark (D-NY), chair of the House Homeland Security Committee’s cybersecurity panel.
Cyber Exercise Act
The primary sponsor of the Cyber Exercise Act is Rep. Elissa Slotkin (D-MI). This bill would direct the Cybersecurity and Infrastructure Security Agency (CISA) to establish a cybersecurity program to test U.S. defense against attacks on critical infrastructure. It would also require CISA to assist private industry and government agencies in assessing the security of this infrastructure. State and local governments would both benefit from the Cyber Exercise Act.
Cyber Sense Act
The primary sponsors of the Cyber Sense Act are Reps. Bob Latta (R-OH) and Jerry McNerney (D-CA). This bill would require the U.S. Department of Energy (DoE) to test the cybersecurity of equipment and technologies used in the generation of commercial power. It would also require the DoE to create a program for performing these tests.
Cybersecurity Vulnerability Remediation Act
The Cybersecurity Vulnerability Remediation Act is sponsored by Rep. Sheila Jackson Lee (D-TX). It would make the Department of Homeland Security’s (DHS) responsible for remediating cybersecurity vulnerabilities. The House passed this bill in 2019, but it hasn’t received a vote in the Senate yet.
DHS Industrial Control Systems Capabilities Enhancement Act
John Katko (R-NY), ranking member of the House Homeland Security Committee, is the primary sponsor of the DHS Industrial Control Systems Capabilities Enhancement Act. This bill would make CISA responsible for maintaining the capability to identify threats to industrial control systems.
Domains Critical to Homeland Security Act
Representative Katko is also the primary sponsor of the Domains Critical to Homeland Security Act, which the House has already passed. This bill would address vulnerabilities in U.S. supply chains, largely in response to the many major attempts to compromise supply chains in the federal and private sectors during 2021. The Domains Critical to Homeland Security Act would further bolster CISA’s authority to defend supply chains and critical infrastructure from cybersecurity threats.
Energy Emergency Leadership Act
The Energy Emergency Leadership Act passed the House in 2020, and is sponsored by Bobby Rush (D-IL) and Tim Walberg (R-MI). It would create an assistant secretary-level position in the DoE to oversee emergency energy and cybersecurity missions for the nation’s energy grid. The Senate would need to confirm the appointment for this position.
The Enhancing Grid Security Through Public-Private Partnerships Act
The Enhancing Grid Security Through Public-Private Partnerships Act also passed the House in 2020, and is sponsored by Bob Latta (R-OH) and Rep. Jerry McNerney (D-CA). It would require the DoE to support partnerships between public and private organizations to address security risks of electric utilities.
If you’re concerned about rising attack frequency and costs associated with cybercrime and are ready to teach your employees how to recognize and fend off phishing attempts, contact Xantrion to learn more about our managed security services.