New bill aims to address private sector cyber risks to FEMA operations

Legislation unveiled last week offers a cybersecurity-focused amendment to the landmark Homeland Security Act of 2002, aiming to equip the Federal Emergency Management Agency with improved digital defenses. 

The FEMA Cybersecurity Improvement Act, introduced Friday by Rep. Bennie Thompson, D-Miss., would instruct the FEMA administrator to work alongside leadership at the Cybersecurity and Infrastructure Security Agency to develop best practices that private sector entities can use to mitigate cybersecurity risks that stand to impede FEMA operations. 

The proposed amendment also requires both agencies to jointly produce a report to Congress outlining the progress of its mitigation efforts.

Thompson’s amendment also proposes updates to older language to better harmonize FEMA and CISA’s roles within the Homeland Security Act and current law. 

Thompson’s amendment follows a continued onslaught of cyberattacks on critical infrastructure networks across the globe. The most recent occurrence in the U.S. happened last week, where a malicious digital actor exploited a vulnerability in Microsoft’s Exchange cloud system to compromise U.S. government-related email accounts. 

Expanding FEMA’s role in mitigating the severity and frequency of these attacks speaks to the increased severity of cyberattacks on U.S. digital infrastructure, and the role strong cybersecurity plays in national security.

CISA, along with other federal agencies like the National Institute of Standards and Technology, has been focusing on more in-depth strategies to measure and promote a strong cybersecurity posture in public and private networks.