Sens. Maggie Hassan, D-N.H., and Ben Sasse, R-Neb., have introduced the National Risk Management Act, which would ensure that the Department of Homeland Security (DHS) is properly identifying and addressing risks to the nation’s critical infrastructure (CI).
“When a criminal shuts down a hospital system to get a ransomware payment or a foreign adversary hacks government agencies, we face grave threats to our national security and well-being,” said Sen. Hassan. “We must stay ahead of emerging threats to critical infrastructure, and I am glad to work across the aisle to help ensure that the administration and Congress are working together to make our critical infrastructure sectors more secure.”
Specifically, the legislation would strengthen CI security by mandating DHS’s Cybersecurity and Infrastructure Security Agency (CISA) component to continually conduct a five-year National Risk Management Cycle. At the start of each five-year cycle, CISA would be tasked with identifying and prioritizing risks to CI in a report to both the president and Congress.
The president would then be required to submit a report to Congress on how their administration will address the risks, as well as any action the White House feels Congress needs to take. The bill’s cosponsors said the cycle will repeat itself to ensure that each administration “stays ahead of emerging threats to critical infrastructure.”
“The rules of war are being re-written. China and Russia are increasingly brazen in their use of cyber tools to get inside American critical infrastructure networks,” said Sen. Sasse. “These critical systems must be more resilient. It’s time to get serious about the future of war and how we protect the systems that allow our daily life to run smoothly.”
The legislation comes in the wake of a report from the Office of the Director of National Intelligence (ODNI) earlier this month, which warned that the United States and its allies face “a diverse array” of threats to national security, including increased cyber threats from adversaries.
The 2021 Annual Threat Assessment of the U.S. Intelligence Community says China, Russia, Iran, and North Korea all “have demonstrated the capability and intent to advance their interests at the expense of the United States and its allies, despite the pandemic.”
“Foreign states use cyber operations to steal information, influence populations, and damage industry, including physical and digital critical infrastructure. Although an increasing number of countries and nonstate actors have these capabilities, we remain most concerned about Russia, China, Iran, and North Korea,” the report says.