

Jacob Hafey
Data Governance
In May 2022, the United States Congress made major progress on cybersecurity legislation – particularly with regards to interagency coordination and digital upskilling. The push for greater public sector cyber capabilities and resiliency is set against the backdrop of security woes tied to the ongoing conflict in Ukraine, the discovery of the major Log4j vulnerability, an uptick in ransomware attacks that may have cost businesses upwards of $2 billion since 2019, and other factors that have prompted Congress to pass laws to protect federal assets and critical infrastructure.
The federal government has already taken several steps towards bolstering American cybersecurity capabilities in 2022. Going into the new year, the 2022 National Defense Authorization Act established initiatives like the CyberSentry program to help critical infrastructure operators detect cyber-attacks, and last November’s trillion-dollar Infrastructure Investment and Jobs Act spending package included nearly $2 billion in cybersecurity funds.
After some delay, Congress also approved the Consolidated Appropriations Act, 2022 on March 15. This omnibus spending legislation featured a $2.59 billion budget for the Cybersecurity and Infrastructure Security Agency (CISA) – $460 million more than the Biden administration had requested – as well as a cyber incident reporting mandate requiring entities in the critical infrastructure sector to report cyber incidents to CISA within 72 hours or 24 hours if they experience a ransomware attack.
The following bills have either been signed into law or have progressed significantly in Congress so far this May:
Lastly, House and Senate leadership are still in conference committee to negotiate what will be included in the final text of the long-awaited America COMPETES Act. This legislation, originally conceived in the Senate in April 2021 as the United States Innovation and Competition Act (USICA), is notable for proposing more than $50 billion in funding for the domestic semiconductor industry. The House version of the bill also contains significant measures related to cybersecurity, including the creation of programs such as an ROTC-style “CyberCorps” scholarship for the federal cybersecurity workforce; the “Critical Technology Security Centers” to evaluate and test the security of technologies essential to national critical functions; and international capacity-building programs to improve cybersecurity both in the US and among its allies. These provisions are subject to changes or outright deletion during the ongoing conference committee. Current estimates suggest that negotiations may continue as late as July before a final version of the text is agreed upon.
Access Partnership is closely monitoring these legislative processes and provides comprehensive analysis to our partners and clients on how they affect their business. For more information on US cybersecurity legislation, please contact Jacob Hafey at [email protected], Erik Jacobs [email protected] or Christopher Martin [email protected].
Subscribe to our news alerts here.