WASHINGTON, D.C. – U.S. Senators Angus King (I-Maine), co-chair of the Cyberspace Solarium Commission (CSC), Mike Rounds (R-S.D.), and Ben Sasse (R-Neb.), commissioner of the CSC, have introduced a multi-tiered bill to strengthen America’s cyber resilience and improve cybersecurity among the nation’s Systemically Important Critical Infrastructure (SICI). Their bipartisan Defense of United States Infrastructure Act includes a number of key CSC recommendations to address cybersecurity risks for private and public critical infrastructure, and strengthen leadership within key cyber-focused federal offices. The Senators’ legislation comes on the heels of a newly-signed National Security Memorandum aimed at strengthening cybersecurity for the nation’s critical infrastructure; if passed, the legislation would further advance these goals by providing much-needed tools and authorities to secure SICI.

“In recent months, we’ve seen our gas pipelines, food system, water systems, and more hacked and attacked – and those are just the incidents that rose to widespread awareness. These intrusions have made one thing crystal clear: America’s critical infrastructure is dangerously vulnerable to cyber disaster,” said Senator King. “In an increasingly-wired society, a targeted cyberattack could cripple key systems, cost countless lives, and have direct impacts on our everyday life. I truly believe that the next Pearl Harbor or 9/11-scale attack will be cyber in nature – but there is still time to act and prevent catastrophe. We must strengthen our cyber resilience, defend our critical infrastructure, and give our cyber leaders the tools they need to succeed – before it’s too late.”

“We cannot ignore the massive cybersecurity vulnerabilities in American infrastructure systems,” said Senator Rounds. “As we saw with the recent hacks of U.S. companies, our country must act now to identify and prevent future cyberattacks. Our bipartisan bill strengthens the United States’ cyber defense while providing additional resources and personnel for cyber agencies. As the Ranking Member of the Cybersecurity Subcommittee of the Armed Services Committee, I am glad to join my colleagues to make certain we are prepared to combat these increasingly sophisticated and targeted attacks.”

“This is the type of infrastructure we need to be focusing on and talking about. The hackings that have occurred these past few months are alarming and we need to address them now before they get worse,” said Senator Sasse. “As our world becomes more digitized the threat of cyberattacks become more dire to the well-being of our nation. This legislation will strengthen our cyber security and safeguard critical infrastructure.”

Specifically, the Defense of United States Infrastructure Act would:

• Establish the National Cyber Resilience Assistance Fund (NCRAF). The Senators’ bill would create the NCRAF to fundamentally change the way the Federal government invests in cyber and shift the focus away from reactive disaster spending towards risk-driven, proactive investments in cyber resilience.
• Protect Systemically Important Critical Infrastructure. The bill tasks the Secretary of Homeland Security with creating a new designation for the most critical of our critical infrastructure—like elements of the power grid, the financial sector, water systems, and more—whose disruption is likely to cause severe damage to national security, economic security, or public health and safety. The bill further requires the Secretary to undertake a study to determine the benefits and burdens for SICI-designated entities.
• Ensure Success for the National Cyber Director.  The legislation establishes critical hiring authorities for the newly-created Office of the National Cyber Director, ensuring that the Director will be able to attract and retain high-level talent to enhance the office’s mission.
• Strengthen the Cybersecurity and Infrastructure Security Agency. The legislation directs the CISA Director to establish the Joint Collaborative Environment, a cloud-based information sharing environment to support a whole-of-government understanding of the cyber threats facing the United States and enable public-private partnerships to confront threats. In addition, it institutes a five-year term for the Director of the Cybersecurity and Infrastructure Security Agency (CISA), allowing the agency’s leader to operate and plan without political questions. 
• Help Businesses and the American People Make Better Cyber Decisions. The legislation establishes the Bureau of Cyber Statistics, which would exist within the Department of Homeland Security to drive insights into what works and what doesn't to mitigate critical cybersecurity risk to businesses, government, and the American people. The bill further allows the Secretary of Homeland Security to designate a nonprofit, nongovernmental organization as the National Cybersecurity Certification and Labeling Authority to help critical infrastructure owners and operators better understand the security of the technology products they use as part of their operations.