The Senate Homeland Security and Governmental Affairs Committee voted today to approve several cybersecurity-related bills, including the Cybersecurity Awareness Act of 2023, and the DHS International Cyber Partner Act of 2023.
The committee’s vote to approve the bills sends them to the full Senate for further consideration.
The panel voted 10-2 to approve the Cybersecurity Awareness Act, which would require the Cybersecurity and Infrastructure Security Agency (CISA) to increase its outreach to the most frequent targets of ransomware – including underserved communities that lack access to cybersecurity education.
Committee Chairman Gary Peters, D-Mich., and Sen. Bill Cassidy, R-La., introduced the bill last week.
“Defending against persistent and evolving cyber-security threats will take an all-hands-on-deck effort,” Sen. Peters said in a statement when he introduced the measure. “This bipartisan legislation will help ensure that everyone is playing their part in preventing network breaches that can compromise personal and sensitive information and disrupt national and economic security.”
The bill would direct CISA to provide regular guidance and resources to the public and private sectors on best practices related to cybersecurity – such as enabling multifactor authentication and utilizing unique, strong passwords for each account.
The legislation would also ensure that CISA increases its outreach to the most frequent targets of ransomware – including small businesses – as well as underserved communities that often lack access to cybersecurity education.
It’s become increasingly clear that ransomware will continue to be a common, and costly, cyber threat.
According to Verizon’s recent Annual Data Breach Investigations Report, ransomware incidents held steady at 24 percent of breaches measured through October 2022 and covered in the report released earlier this month. However, ransomware was everywhere: 91 percent of industries cited ransomware as one of the top issues they dealt with over the 12-month period.
Separately, the committee voted 9-3 to approve the DHS International Cyber Partner Act, which would authorize the Department of Homeland Security (DHS) and CISA “to work with international partners on cybersecurity, and for other purposes,” and assign U.S. personnel to foreign locations to support DHS missions.
Text of the legislation does not designate specific countries that would receive U.S. help on cybersecurity, but Sen. Peters mentioned the current situations in Ukraine and Taiwan today as he spoke in support of the bill. He said that engaging with foreign nations on security matters would also have the effect of improving U.S. cybersecurity through improved information sharing.
Sen. Rand Paul, R-Ky., the committee’s ranking member, voted against the bill while saying that the U.S. need not act as the “sugar daddy” for other nations on cybersecurity, and if it does so, “maybe we should charge them.”
He also warned that since some of the cybersecurity information that the U.S. may share with foreign nations would have offensive capabilities, the U.S. could have “culpability” if other nations used it in that way.