S. 2491 · 117th Congress · Senate

Defense of United States Infrastructure Act of 2021

Active · Placed on Senate Legislative Calendar under General Orders. Calendar No. 670.

Introduced: Jul 27, 2021
Passed Senate: Pending
Passed House: Pending
Sent to President: Pending
Signed into Law: Pending

Executive Summary

This bill sets out programs and requirements related to critical infrastructure and cybersecurity threats, including (1) a pilot program to enable federal and nonfederal entities to share information in order to prevent, identify, and mitigate cyber threats; (2) reporting about the federal government's efforts to support security certifications for information technology; and (3) a working group to develop a strategy for implementing security measures for foundational internet protocols.

Previous Versions

00 · Jul 27, 2021

Defense of United States Infrastructure Act of 2021

This bill sets out programs and requirements related to critical infrastructure and cybersecurity threats.

The bill establishes a grant program to address cybersecurity risks to critical infrastructure and requires the establishment of cybersecurity-focused critical technology centers.

The bill limits to five years the term of the Cybersecurity and Infrastructure Security Agency (CISA) director. Additionally, CISA must establish an information-sharing environment that integrates cyber threat information for use by federal programs. CISA must work with the White House Office of the National Cyber Director to allow private-sector participation in the environment. The Department of Homeland Security (DHS) must develop guidelines for, and the Privacy and Civil Liberties Oversight Board and others must conduct oversight of, the environment.

DHS may designate entities as systemically important critical infrastructure. DHS must develop an appropriate methodology before designating entities.

DHS must create a voluntary program to certify that smartphones and other critical technologies meet security standards. The bill prohibits certain actions (e.g., falsely attesting to certifications) with enforcement through the Federal Trade Commission (FTC).

The bill establishes within DHS the Bureau of Cybersecurity Statistics. Entities that provide cybersecurity incident response or insurance must report specified information to the bureau. The FTC must enforce this reporting requirement, and the bill limits the use of reported information in some proceedings.

The bill also (1) requires a strategy to secure a protocol and naming system that facilitate information exchange on the internet, and (2) expands hiring authorities of the Office of the National Cyber Director.