US Congress discusses new responsibilities for cybersecurity agency CISA

US lawmakers have approved multiple bills to expand the scope of the US Cybersecurity and Infrastructure Security Agency (CISA), empowering it to safeguard open-source software, protect critical infrastructure, and strengthen the cybersecurity workforce. The Senate Homeland Security and Governmental Affairs Committee advanced a bill requiring CISA to establish a clearinghouse for commercial public satellite systems and develop voluntary cybersecurity recommendations for the space sector. They also endorsed legislation to create a pilot civilian cyber reserve program under CISA’s jurisdiction.

In parallel, the House Homeland Security Committee progressed bills that mandate collaboration between CISA and the open-source community to enhance security, establish risk assessment frameworks for open-source components used by federal agencies, and grant CISA the authority to train non-cybersecurity personnel within the Department of Homeland Security for cybersecurity roles.

These legislative efforts reflect the Biden administration’s and Congress’s heightened attention to cybersecurity risks, particularly those menacing critical infrastructure. The actions stem from concerns over past inaction and a perceived lack of responsiveness from the government and industry in addressing vulnerabilities.

Concerns regarding CISA’s authority becoming akin to a regulatory agency are anticipated to be a significant point of contention among Republicans. For instance, Senator Rand Paul, a Republican from Kentucky, has voiced his belief that Congress should aim to restrict the power of the Cybersecurity and Infrastructure Security Agency (CISA) rather than expand it.