WASHINGTON, D.C. – Today, U.S. Senator Jacky Rosen (D-NV), a member of the Senate Homeland Security and Governmental Affairs Committee (HSGAC), introduced the CISA Cyber Exercise Act with Senators Ben Sasse (R-NE) and Angus King (I-ME). The bipartisan bill would provide American businesses and state and local governments with model exercises to test their critical infrastructure against the threat of cyberattacks, and establish in the Cybersecurity and Infrastructure Security Agency (CISA) a National Cyber Exercise Program to test the U.S. response plan for major cyber incidents. Identical legislation introduced in the U.S. House of Representatives by Reps. Elissa Slotkin (D-MI) and Mike Gallagher (R-WI) passed the House as a standalone bill and was also included in the House-passed National Defense Authorization Act for Fiscal Year 2022. 

“Recent and unprecedented cyberattacks targeting critical infrastructure have exposed significant vulnerabilities in our networks. The Federal Government must take proactive steps to partner with states, local communities, and private industries to enhance the resilience and security of critical infrastructure,” said Senator Rosen. “I’m proud to introduce bipartisan legislation during National Cybersecurity Awareness Month with Senators Sasse and King to solidify CISA’s role in testing critical infrastructure readiness and provide local governments and private entities with easily adaptable cyber exercises. Together, we can protect our nation from cyberattacks targeting assets that are essential to the functioning of our economy and society.”

“The threat of cyberattacks is increasing and we need to make sure CISA and other relevant intelligence agencies have all the tools they need to combat the onslaught,” said Senator Sasse. “These attacks are real and urgent, and this legislation would help ensure the U.S. is prepared to respond effectively to the next attack and better protect our critical infrastructure.”

“One of the most effective ways to prevent cyberattacks and protect America’s critical infrastructure is to regularly and mercilessly test our network; we know our adversaries are. In recent years, we’ve seen our foes continuously attempt – and in too many cases, succeed – to take down vital U.S. assets in cyberspace. In the face of these threats, we need to ensure that we are prepared to protect ourselves against future attacks,” said Senator King. “The CISA Cyber Exercise Act will build on existing efforts to regularly test the resilience and response of America’s critical infrastructure. By creating tools for our partners in local and state governments and the private sector, we can help them keep Americans safe and strengthen our nation’s cybersecurity posture.”

BACKGROUND: The CISA Cyber Exercise Act directs the Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security (DHS) to build on its existing work by establishing a National Cyber Exercise Program, in order to test U.S. response plans for major cyber incidents. The bill directs CISA to include a set of model exercises — which could be readily used by state and local governments and private sector businesses to test the safety and security of their own critical infrastructure. Additionally, the bill requires CISA to help those entities design, implement, and evaluate the exercises.

 ###