Peters Provision to Create Significant Incident Declaration for Major Cyber-Attacks Passes Senate as Part of Competitiveness Bill

WASHINGTON, D.C. - A provision authored by U.S. Senator Gary Peters (MI), Chairman of the Homeland Security and Governmental Affairs Committee, passed the Senate as a part of a legislative package to strengthen national security, boost American competitiveness on the global stage, and lessen our dependence on adversarial governments, like China and Russia. The provision would provide additional resources and better coordination for serious cyber-attacks or breaches that risk the safety and security of Americans. American information networks have recently seen a significant rise in ransomware attacks, including dangerous breaches of a major oil pipeline, the New York City transportation system and meatpacking centers across the nation.

The provision would help improve the federal response to cyber breaches, such as the recent attack against the Colonial Pipeline. The provision also establishes a Cyber Response and Recovery Fund for the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA) to provide direct support to public or private entities as they respond to and recover from significant cyber-attacks and breaches, following a declaration of a significant incident by the Secretary of Homeland Security.

'Over the past few months, we have seen foreign adversaries and criminal organizations relentlessly attack American networks. As we saw from the recent attack against Colonial Pipeline - these breaches can have devastating effects on our daily lives,' said Senator Peters. 'My bipartisan provision will help strengthen our response to online assaults from bad actors to ensure we are providing the public and private sector with the resources to recover from attacks and help protect our nation's critical infrastructure. I look forward to seeing this important provision signed into law and will continue my efforts to bolster our nation's cyber defenses.'

'Our nation is increasingly vulnerable to cyberattacks every day, as the Colonial Pipeline ransomware attack showed. Cyberattacks are getting worse and more frequent while the government and critical infrastructure are more dependent on information technology,' said Senator Portman, a coauthor of the provision. 'Our legislation passed by the Senate will provide important emergency resources when major cyberattacks occur and overwhelm the organizations attacked.'

The provision, which is based on the Cyber Response and Recovery Act, would create an authority for the Secretary of Homeland Security, in consultation with the National Cyber Director, to declare a Significant Incident in the event of an ongoing or imminent attack that would impact national security, economic security, or government operations. This declaration would empower CISA to coordinate federal and non-federal response efforts, and allow the Secretary access to a Cyber Response and Recovery Fund that would help support federal and non-federal entities impacted by the event. The provision would authorize $20 million over seven years for the fund and would require DHS to report to Congress on its use.

As Chairman of the Homeland Security and Governmental Affairs Committee, Peters has led efforts to bolster our nation's cybersecurity defenses. Peters recently convened a hearing with the Chief Executive Officer of Colonial Pipeline, to examine a recent hack against the company. As a part of the American Rescue Plan Act, Peters helped secure nearly $2 billion to modernize and secure information systems critical to the federal pandemic response. In April, the Senate also passed his provision to help protect our nation's public water infrastructure technology systems, following recent cyber-attacks on water utilities. Last Congress, the Senate unanimously approved Peters' bill to strengthen cybersecurity coordination between DHS and state and local governments. Peters has also pushed bipartisan legislation to improve access to cybersecurity resources and training for small businesses and to support K-12 schools with the resources they need to bolster their cybersecurity.

###