The House has passed a package of five bipartisan bills that may help address state and local governments’ cybersecurity needs, develop incident remediation capabilities and fortify critical infrastructure cyber defenses.
The legislative milestones, which may affect how MSSPs, MSPs and MDR (managed detection and response) service providers approach cybersecurity engagements, include:
1. The State and Local Cybersecurity Improvement Act establishes a $500 million grant program, up from the $400 million approved by the House last year. It aims to help lower-level government agencies erect digital barriers to cyber attacks. The measure, sponsored by Rep. Yvette Clarke (D-NY), who chairs the House Homeland Security Committee’s cybersecurity panel, was first introduced in late 2020 but didn’t receive a vote in the Senate.
2. The Cybersecurity Vulnerability Remediation Act, sponsored by Rep. Sheila Jackson Lee (D-TX), adds remediation of cybersecurity vulnerabilities to the Department of Homeland Security’s (DHS) duties. The bill previously passed the House in 2019 but didn’t receive a vote in the Senate.
3. The Cyber Exercise Act would direct the Cybersecurity and Infrastructure Security Agency (CISA) to create a special cybersecurity program to test the nation’s critical infrastructure defenses against attacks. The measure would require CISA to help state and local governments and private industry assess the safety and security of critical infrastructure. The bill’s primary sponsor is Rep. Elissa Slotkin (D-MI).
4. The Cyber Sense Act would require the Department of Energy to test the cybersecurity of products and technologies intended for use in the bulk-power system. The measure’s primary sponsors are Reps. Bob Latta (R-OH) and Jerry McNerney (D-CA). The bill would require the Energy Department to establish a program to test the cybersecurity of products tagged for use in the bulk-power system.
5. The DHS Industrial Control Systems Capabilities Enhancement Act gives CISA the responsibility to maintain capabilities to identify threats to industrial control systems. House Homeland Security Committee ranking member John Katko (R-NY) is the primary sponsor of the legislation.
Bonus: The House also passed Katko’s Domains Critical to Homeland Security Act, aimed at addressing vulnerabilities in U.S. supply chains.
“We must continue bolstering CISA’s authorities to defend our federal networks and the nation’s critical infrastructure from cyber threats,” Katko said. “Already this year, the nation has faced numerous major attempts to compromise federal and private sector networks.”
U.S. Energy Grid Security
The package of legislation came immediately following the House’s approval of two bills designed to protect the nation’s energy grid, both of which the lower chamber passed last year. The Energy Emergency Leadership Act, backed by Bobby Rush (D-IL) and Rep. Tim Walberg (R-MI), would ensure a Senate-confirmed, assistant secretary-level head of the Energy Department’s energy emergency and cybersecurity missions to oversee the nation’s power grid.
The Enhancing Grid Security Through Public-Private Partnerships Act, sponsored by Bob Latta (R-OH) and Rep. Jerry McNerney (D-CA), would direct the Department of Energy to facilitate and encourage public-private partnerships to address security risks facing electric utilities.
While the Senate has proved to be a Congressional graveyard for House-passed cybersecurity legislation in the past few years, the straps have considerably loosened, largely owing to the series of harmful ransomware attacks that have hit critical infrastructure, prompting some recalcitrant lawmakers to rethink their positions.
MSP Software and IT Service Providers Under the Microscope
Among the attacks that U.S. lawmakers have been watching closely: the Kaseya VSA cyberattack on July 2, 2021. The REvil ransomware attack extended ransomware to roughly 50 MSPs and 1,500 downstream customers, and also caused hundreds of MSPs to lose remote monitoring and management (RMM) capabilities for more than a week.
Ahead of the Kaseya VSA attack, President Biden in May 2021 issued a cybersecurity executive order that included updated guidance for IT service providers.