New Cybersecurity Bill Aimed at Critical Infrastructure Defense
The United States Senate has passed a legislative package – The Strengthening American Cybersecurity Act of 2022 – addressing national cybersecurity needs in response to ongoing tensions in eastern Europe.
The package, introduced by U.S. Senator Gary Peters (D-Mich.), was unanimously passed on March 1 in response to the increasing need for the protection of critical government infrastructure as cyber-attacks from eastern Europe continue to rise amid escalating conflict in that region.
While President Joe Biden continues to advocate for peace, other branches of the U.S. government and allied nations are preparing their infrastructure by tightening security and standing up airtight cyber solutions. Here’s a look into the Strengthening American Cybersecurity Act:
Read our recent blog to learn more about the impact of cyberwarfare during times of political unrest.
The Strengthening American Cybersecurity Act of 2022
The bill consists of three different regulations:
- Federal Information Security Modernization Act of 2022
- Cyber Incident Reporting for Critical Infrastructure Act of 2022
- Federal Secure Cloud Improvement and Jobs Act of 2022
The bill seeks to act as additional cybersecurity procedure for the federal government and will amend, modernize, and unify cybersecurity best practices at a federal government level, setting the standard for the U.S. and following in suit of its allied counterparts.
The Federal Information Security Modernization Act
The Federal Information Security Modernization Act is the first of the three acts outlined in the strengthening cybersecurity bill. Of note in this act is the update of federal cyber laws to improve coordination and communication between agencies and require those groups to share cyber incident information with the Cybersecurity and Infrastructure Security Agency (CISA).
This act seeks to do the following:
- Amend existing regulation to improve federal cybersecurity
- Enhance federal incident transparency and notification expectations
- Add to FISMA guidance
- Enhance mobile security
- Implement zero trust architecture
- Codify vulnerability disclosure programs
- Automate reports
- Establish inventory
- Gather quantitative metrics
- Secure physical operations centers
The Cyber Incident Reporting for Critical Infrastructure Act
The Cyber Incident Reporting for Critical Infrastructure Act of 2022 is the second of the three acts outlined in the strengthening cybersecurity bill. Of note in this act is the requirement for companies to report substantial cyberattacks within 72 hours and ransomware payments within 24 hours to CISA.
This act seeks to address the following:
- Cyber incident reporting
- Federal incident report sharing
- Ransomware vulnerability warning programs
- Ransomware threat mitigation activities
- Congressional reporting
The Federal Secure Cloud Improvement and Jobs Act
The Federal Secure Cloud Improvement and Jobs Act of 2022 is the third and final of the three acts outlined in the strengthening cybersecurity bill. This act, which was passed in December 2021, helps streamline the process in which federal agencies can receive approval for using cloud technologies. These modernization efforts will help to strengthen the overall cybersecurity posture of government branches.
Why Cyber Resilience and Why Now?
While the ongoing conflict in Europe escalates, understanding and mitigating sponsored cyberattacks against critical infrastructure across the US and other allies is more important than ever. Implementing and understanding the benefits of a preemptive attack defense as concerns of cyberwarfare arise throughout NATO and other key regions of Europe is imperative in maintaining a strong defense strategy.
By standing up the Strengthening American Cybersecurity Act of 2022, the U.S. government is following the standard set by agencies like CISA and ENISA, echoing concerns and solidifying the importance of cyber awareness and resilience on a global scale during times of political unrest.
Read our recent cyber resilience blog to learn more about the impact of cyberwarfare during times of political unrest.