March 14, 2022 | The Hill

Reconciliation of China bills in Congress could produce big cybersecurity wins

March 14, 2022 | The Hill

Reconciliation of China bills in Congress could produce big cybersecurity wins

Excerpt

Congress deserves mixed grades for its recent efforts to strengthen the nation’s cybersecurity and improve the resilience of its critical infrastructure. If Republicans and Democrats can find a path forward to integrate the Senate’s U.S. Innovation and Competition Act (USICA) with the House’s America COMPETES Act, Congress could make substantial, long-term investments in America’s technology future.

The two bills would build upon important but insufficient cybersecurity provisions in recent legislation. The Infrastructure Investment and Jobs Act, which President Biden signed into law in November, contained $1 billion to enhance the cybersecurity of state and local governments and established a Response and Recovery Fund for major cyber incidents. Yet that law’s support to specific critical infrastructure sectors was inconsistent and missed some glaring weaknesses, such as those of the water sector.

Similarly, the National Defense Authorization Act (NDAA) for Fiscal Year 2022, which the president signed into law in December, had 40 cybersecurity-specific authorizations. But during conference, Congress dropped some of the most significant provisions, such as mandatory incident reporting.

Retired Rear Admiral Mark Montgomery is a senior fellow at the Foundation for Defense of Democracies (@FDD) and senior director of FDD’s Center on Cyber and Technology Innovation (CCTI). He previously served as a senior adviser to the Cyberspace Solarium Commission. Annie Fixler is deputy director of CCTI. Follow the authors on Twitter @MarkCMontgomery and @AFixler. FDD is a Washington, D.C.-based, nonpartisan research institute focusing on national security and foreign policy.

Read in The Hill

Issues:

Cyber