Bacon bill seeks to sharpen federal response to cyberattacks

U.S. Rep. Don Bacon (R-NE) introduced a bill last week that would require a review of the U.S. Department of Homeland Security’s (DHS) cyberattack response plans, following high-profile ransomware attacks earlier this year on major energy and food companies.

“Americans are alarmed at the dramatic increase in cyber attacks on private companies, including the recent ransomware attacks on Colonial Pipeline and the JBS meatpacking facility in Nebraska,” Rep. Bacon said. “The federal response to these cyber incidents was inadequate and exposed gaps and confusion in how we defend our critical infrastructure.”

The Colonial Pipeline Co. attack in May was the largest-ever cyber attack on energy infrastructure and caused disruptions to fuel delivery throughout the United States. The ransomware attack that quickly followed on the world’s largest meat supplier, JBS, disrupted operations at nine U.S. meat processing plants.

Rep. Bacon on Oct. 21 sponsored the DHS Roles and Responsibilities in Cyber Space Act, H.R. 5658, which would require the Secretary of Homeland Security to submit a report on the cybersecurity roles and responsibilities of the federal government. Original cosponsors of the bipartisan bill include three members of the U.S. House Homeland Security Committee: U.S. Reps. John Katko (R-NY), Andrew Garbarino (R-NY), and Ritchie Torres (D-NY).

The bill, if enacted, would require the Secretary of Homeland Security, in coordination with the director of the Cybersecurity and Infrastructure Security Agency, to submit the report to Congress within one year.

According to the text of the bill, the report would include a review of how the federal government utilizes cyber incident response plans; an explanation of the roles and responsibilities of DHS in support of the government’s response to a cyberattack, including the responsibility of working with the private sector; an explanation of which and how authorities of DHS are utilized in the government’s response to a cyber incident; and any additional recommendations to improve the government’s response.

“It’s clear that our cyber incident response framework must evolve to match the threat,” Rep. Bacon said. “This bill will set the conditions for improvements in our national cyber defenses by requiring the Secretary of Homeland Security to conduct a thorough review of its cyber incident response plans, including how it works with private sector entities, and provide recommendations for improvement.”