October 20, 2021
WASHINGTON, D.C. – U.S. Senator Angus King (I-Maine), co-chair of the Cyberspace Solarium Commission, is introducing bipartisan legislation to improve cybersecurity for America’s critical infrastructure. The CISA Cyber Exercise Act, led by Senators King, Jacky Rosen (D-Nev.), and Ben Sasse (R-Neb.), would provide American businesses and state and local governments with model exercises to test their critical infrastructure against the threat of cyberattacks, and establish a National Cyber Exercise Program in the Cybersecurity and Infrastructure Security Agency (CISA) that would regularly test the U.S. response plan for major cyber incidents. Senator King has been one of Congress’ leading advocates for increased testing within America’s cyberspace operations – he routinely pushes top regulators to “be brutal in testing” critical infrastructure to identify any vulnerabilities for potential cyberattacks.
“One of the most effective ways to prevent cyberattacks and protect America’s critical infrastructure is to regularly and mercilessly test our network; we know our adversaries are. In recent years, we’ve seen our foes continuously attempt – and in too many cases, succeed – to take down vital U.S. assets in cyberspace. In the face of these threats, we need to ensure that we are prepared to protect ourselves against future attacks,” said Senator King. “The CISA Cyber Exercise Act will build on existing efforts to regularly test the resilience and response of America’s critical infrastructure. By creating tools for our partners in local and state governments and the private sector, we can help them keep Americans safe and strengthen our nation’s cybersecurity posture.”
The CISA Cyber Exercise Act directs the Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security (DHS) to build on its ongoing work by establishing a National Cyber Exercise Program, in order to test U.S. response plans for major cyber incidents. The bill directs CISA to include a set of model exercises — which could be readily used by state and local governments and private sector businesses to test the safety and security of their own critical infrastructure. Additionally, the bill requires CISA to help those entities design, implement, and evaluate the exercises.
As a member of the Senate Armed Services Committee, the Senate Select Committee on Intelligence, and co-chair of the Cyberspace Solarium Commission, Senator King is recognized as one of Congress’s leading experts on cyberdefense and a strong advocate for a forward-thinking cyberstrategy that emphasizes layered cyberdeterrence. He celebrated the swearing-in of former CSC commissioner, Chris Inglis, as the inaugural National Cyber Director (NCD). The NCD was included in the 25 bipartisan cybersecurity recommendations from the Cyberspace Solarium Commission passed through the National Defense Authorization Act (NDAA) for Fiscal Year 2021, which Senator King voted for.
The CSC was established by statute in the 2019 NDAA, officially launched in April 2019, and will continue to execute its statutory mission through December 2021 – most recently announcing its “progress report” with 75 percent of its recommendations either having become policy or nearly there. The Commissioners convene nearly every Monday that Congress is in session, and its staff has conducted more than 400 engagements, drawing upon the expertise of corporate leaders, federal, state and local officials, academics, and cybersecurity experts. The meetings and the ensuing report sought to strengthen America’s posture in cyberspace and identify opportunities to improve our national preparedness to defend ourselves against cyberattacks.