Reps. Mike Gallagher, R-Wis., and Abigail Spanberger, D-Va., introduced new legislation this week that looks to strengthen U.S. defenses against potential cyberattacks by calling on the secretary of Homeland Security to establish a National Risk Management Cycle.
The bipartisan National Risk Management Act of 2023 aims to strengthen the defense of critical infrastructure sectors. Specifically, the secretary would need to establish a recurring process to identify and assess risks to critical infrastructure, including both cyber and physical threats.
“Our adversaries continue to launch cyberattacks against us that cripple our infrastructure, steal our intellectual property, and harm our economy,” Rep. Gallagher said in a press release. “Establishing a National Risk Management Cycle is basic cybersecurity hygiene and a common-sense step we can take to ensure our businesses and critical infrastructure are hard targets.”
“The threats to our national security are increasingly complex. Families, businesses, and communities across our country are vulnerable to sophisticated cyber threats, destabilizing attacks on our critical infrastructure, and foreign interference,” added Rep. Spanberger. “I’m proud to join Congressman Mike Gallagher in taking serious steps to strengthen our nation’s defenses against cyberthreats and build more resilient infrastructure.”
To develop the National Risk Management Cycle, the bill would require the DHS secretary to consult with Sector Risk Management Agencies (SRMAs), critical infrastructure owners and operators, the assistant to the president for national security affairs, the assistant to the president for homeland security, and the national cyber director.
According to the bill text, this recurring process would analyze the likelihood of identified threats to critical infrastructure, the vulnerabilities of critical infrastructure systems, and the consequences of such threats to critical functions.
The secretary would also be required to submit a report to the president, the Senate Committee on Homeland Security and Governmental Affairs, and the House Committee on Homeland Security on the cybersecurity and physical threats identified in the process.
The secretary’s report would help to inform a “national critical infrastructure resilience strategy” to be developed by the president no later than one year after receiving the report.