WeVote

Bill

Bill

S 4565

Strengthening Cyber Resilience Against State-Sponsored Threats Act

119th Congress Introduced by Rick Scott

Creates a cross-agency task force to detect, analyze, and counter PRC state-sponsored cyber threats (including Volt Typhoon) against U.S. infrastructure.

Introduced in Senate
0
WeVote Research Nonpartisan
Bill Summary · S 4565

Summary of S.4565 – Strengthening Cyber Resilience Against State-Sponsored Threats Act

Purpose and intent

  • Establishes an interagency task force to improve security and integrity of United States critical infrastructure.
  • Specifically targets cybersecurity threats posed by state-sponsored actors from the People's Republic of China, including the actor referred to as Volt Typhoon.
  • Requires a comprehensive, ongoing reporting framework to Congress on sector-specific risks, threats, resource needs, and potential countermeasures.

Key provisions and changes

  • Definitions (Section 2(a))

    • Clarifies terms used in the act, including:
    • Appropriate congressional committees (Senate: Homeland Security and Governmental Affairs, Judiciary, Select Committee on Intelligence; House: Homeland Security, Judiciary, Permanent Select Committee on Intelligence).
    • Asset, Critical Infrastructure, Cybersecurity Threat, Incident, Intelligence Community, Sector, Sector Risk Management Agency, Systems, etc.
    • Volt Typhoon as the PRC state-sponsored cyber actor described in a DHS-CISA advisory (Feb 7, 2024) or successors.
  • Interagency Joint Task Force (Section 2(b)–(d))

    • Establishes a joint interagency task force within 120 days of enactment.
    • Task force to detect, analyze, and respond to PRC state-sponsored cyber actors (including Volt Typhoon) and align actions across Sector Risk Management Agencies.
    • Chair: Director of CISA (or designee); Vice Chair: Director of the FBI (or designee).
    • Composition: Representatives from relevant departments and agencies, appointed by the Chair, with subject-matter expertise in cybersecurity, forensics, threat intelligence, and knowledge of State-sponsored actor TTPs (including Volt Typhoon).
  • Coordination and Flexibility (Section 2(f))

    • Task force may coordinate with preexisting DHS Intelligence Enterprise or broader Homeland Security Enterprise efforts to avoid duplication.
  • Reporting Requirements (Section 2(g))

    • Initial report due within 540 days of establishment; annual reports due for 5 years thereafter.
    • Each report must include:
    • Sector-specific risk assessments, trends, and attacker TTPs related to PRC state-sponsored actors (including Volt Typhoon).
    • Resource and authority needs for Federal departments/agencies to counter the threat.
    • Classified assessments of potential disruption/destruction to critical infrastructure in a major crisis or conflict, and the U.S. countermeasures—both overt and alternative (with various security classifications).
    • Classified assessments of the ability of the U.S. to counter the threat in crisis scenarios, including mitigation options and cybersecurity measures.
    • Classified assessments of potential disruption to U.S. Armed Forces mobility (rail, aviation, ports) and impacts on deployment/maneuver.
    • Classified assessments of economic and social ramifications of disruptions to critical infrastructure.
    • Recommendations for Homeland Security Enterprise, the intelligence community, and critical infrastructure owners/operators to improve detection/mitigation.
    • A one-time awareness campaign plan for infrastructure owners/operators about available security resources.
    • Each report must be accompanied by a classified briefing to appropriate committees within 30 days of submission; unclassified executive summaries may be released publicly.
    • Unclassified executive summaries of each report will be published on the DHS website.
  • Access to Information (Section 2(h))

    • Requires federal agencies (Secretary of Homeland Security, Attorney General, FBI Director, heads of Sector Risk Management Agencies) to provide information and materials to the task force as needed.
    • Handling and dissemination restricted to task force members in compliance with laws and regulations; security clearances are required for access to classified material.
  • Termination and Miscellaneous (Sections 2(i)–(k))

    • Task force and its authorities terminate 60 days after the final required briefing.
    • Exemptions: Task force is exempt from the Federal Advisory Committee Act (FACA) and from the Paperwork Reduction Act (PRA), facilitating faster operation and reporting.

Who or what would be affected

  • Federal agencies involved in national security and critical infrastructure protection, including:
    • Cybersecurity and Infrastructure Security Agency (CISA)
    • Federal Bureau of Investigation (FBI)
    • Attorney General and other National Security-related agencies
    • Sector Risk Management Agencies (as defined in Homeland Security Act)
  • Critical infrastructure sectors and their owners/operators (public and private entities) that provide essential services (energy, communications, transportation, water, healthcare, etc.).
  • Policymakers and congressional committees overseeing homeland security, judiciary, and intelligence.
  • The bill creates a framework for enhanced information sharing and threat analysis related to China-state sponsored cyber actors, particularly Volt Typhoon.

Procedural and timeline aspects

  • Enactment triggers the 120-day deadline to establish the interagency task force.
  • Initial reporting to Congress due within 540 days after establishment.
  • Annual reports due for five consecutive years, with a 30-day window for classified briefings after each report.
  • Public unclassified executive summaries to be posted on the Department of Homeland Security website.
  • Termination occurs 60 days after the final briefing is delivered.

Overall impact

  • The act formalizes cross-agency coordination to monitor, analyze, and counter state-sponsored cyber threats from PRC actors targeting U.S. critical infrastructure.
  • It emphasizes transparency with Congress and public-facing summaries while prioritizing classified analyses for national security purposes.
  • By focusing on Volt Typhoon and related actors, the bill aims to strengthen resilience, resource allocation, and strategic planning for cyber defense in crisis or conflict scenarios.

Compiled from official sources — confirm details with the bill’s official record.

Sign in to ask a question.