In a meeting today, a United States Senate committee examined new measures to enhance federal reporting for cybersecurity vulnerabilities that threaten “critical infrastructure”. They convened in an attempt to establish new support for state and local governments confronting threats like ransomware.
A new era in homeland security?
The centerpiece of the March 11 hearing of the Committee on Homeland Security is bill S. 3045, the Cybersecurity Vulnerability Identification and Notification Act of 2019. First introduced in December, the new bill looks to amend the landmark Homeland Security Act of 2002 to include new provisions aimed specifically at cybersecurity.
The “Cybersecurity Vulnerability Identification and Notification Act” specifically targets instances when the Cybersecurity and Infrastructure Security Agency (CISA) identifies cyber vulnerabilities in critical infrastructure that they cannot report. The bill authorizes CISA to subpoena for this information when they discover vulnerabilities.
Committee Chairman Ron Johnson (R-WI) said of the bill:
“This is an incredibly important piece of legislation. I know there’s some concern about it, I think because there’s misinformation.”
Fighting ransomware from the federal level
Another subject of today’s meeting was the Cybersecurity State Coordinator Act of 2020, which also looks to expand CISA’s purview. Sponsored by Sen. Margaret Hassan (D-NH), the bill looks to spread federal protections coping with cyber threats that states may lack the infrastructure to cope with themselves — specifically citing ransomware.
The Cybersecurity State Coordinator Act would require the director of CISA to appoint a separate coordinator of cyber defenses for each of the 50 states. This would facilitate “the sharing of cyber threat information between Federal and non-Federal entities.”
Municipal governments have struggled to manage the threat of ransomware. The city government of Atlanta famously fell victim to ransomware back in 2018. More recently, the South African city of Johannesburg experienced a similar attack in October of 2019.