Lawmakers look to grow an already lengthy to-do list at the Cybersecurity and Infrastructure Security Agency.
A bill giving the Cybersecurity and Infrastructure Security Agency authority to make grants to historically black colleges and universities to improve the nation’s cybersecurity workforce was among those clearing the Senate Homeland Security Committee Wednesday.
“We've heard over the last several months, amidst continued increased tempo of cyberattacks and ransomware attacks targeting the public and private sectors in this country from SolarWinds to the Colonial Pipeline, about the need to increase our production of a qualified cybersecurity workforce,” said Sen. Jon Ossoff, D-Ga. “The lack of qualified cybersecurity professionals is a national security vulnerability for this country.”
Ossoff introduced the bipartisan Cybersecurity Opportunity Act that passed the committee unanimously along with bills to clarify CISA’s responsibility to protect industrial control systems including at the state, local, tribal and territorial levels.
Citing the level of U.S. debt, Sen. Rick Scott, R-Fla., tried to attach an amendment that would prohibit any new funds from going toward the implementation of a bill—the Domains Critical to Homeland Security Act—proposed by Committee Ranking Member Rob Portman, R-Ohio.
“This is $1 million a year for five years for a really important program that I think all of us agree with,” Portman said. “We don't have the information. We don't know what our critical infrastructure is. We don't know what the critical domains are. What this legislation does is it requires DHS to finally do that study and actually come up with solutions as to how we can strengthen our supply chains and, specifically, it says, you know you guys have to figure out what the domains are that are critical to homeland security.”
The bill already passed the House where Portman said it would have to return if funding is removed and would be unlikely to prevail again. Scott’s amendment was defeated and the bill passed unopposed through the committee.
In the coming months, Portman plans to introduce legislation that would, among other things, update the Federal Information Security Modernization Act of 2014. Following the compromise of several federal agencies due to the attack on IT management contractor SolarWinds, Portman was especially concerned that some agencies assessed the event to be a major incident and reported it as such, while other agencies did not. The anticipated FISMA reform bill will try to clarify when reporting is required and adjust the metrics for assessing agencies’ cybersecurity posture.
On Wednesday, the committee also advanced bills to help agencies counter deepfakes and provide artificial intelligence training to procurement officials.