Source: United States Senator for Michigan Gary Peters
Legislation Would Bolster Federal Cybersecurity, Improve Government Efficiency, and Create Jobs
WASHINGTON, D.C. – U.S. Senator Gary Peters (MI), Chairman of Homeland Security and Governmental Affairs, announced he has introduced bipartisan legislation to update and make permanent the Federal Risk and Authorization Management Program (FedRAMP), to ensure federal agencies are able to quickly and securely adopt cloud-based technologies that improve government operations and efficiency. The bill will make FedRAMP more accountable to the American people and create private sector jobs in companies that provide cloud services. The legislation comes after an announcement from Microsoft, which provides cloud services to multiple federal agencies, that Russia-backed hackers have been relentlessly targeting cloud service companies and others since this summer.
“Cloud-based systems have already shown they can greatly improve government efficiency and save taxpayer dollars, but we must ensure that the technology is safe from relentless cyber-attacks,” said Senator Peters. “This important bipartisan bill will make sure that agencies can procure cloud-based technology quickly, while ensuring these systems – and the information they store – are secure. It will also help companies that provide these technologies grow and create jobs, and incentivize them to provide innovative products to bolster our nation’s competitiveness in this space.”
Cloud storage and other technologies are widely used by the federal government. FedRAMP has defined the responsibilities of federal agencies since 2011 to ensure cloud-based information technology is used appropriately. Updating and making this program permanent will ensure it is accountable to Congress and that cloud-based products procured by federal agencies are secure. Under FedRAMP, there are currently are more than 200 Cloud Service Providers serving 183 federal agencies. Thirty percent of these providers are small businesses and investing in this technology will help these companies grow their business and hire new workers. As the COVID-19 pandemic continues pushing agencies to adopt these technologies so federal employees can effectively serve the American people while working remotely – Peters’ bipartisan legislation will help ensure that agencies’ processes of moving safely to the cloud are streamlined and efficient.
The Federal Secure Cloud Improvement and Jobs Act makes permanent and updates FedRAMP to ensure that cloud-based information technology can be quickly adopted by the federal government while ensuring that it is secure. The bill modernizes the process by which cloud products are deemed safe and can receive FedRAMP authorization. The legislation also establishes metrics to ensure proper implementation of FedRAMP, and requires the creation of a Federal Secure Cloud Advisory Committee to improve communication between federal agencies who utilize cloud technologies and the companies that provide them. Finally, the legislation authorizes a $20 million investment to operate FedRAMP.
As Chairman of the Homeland Security and Governmental Affairs Committee, Peters has led efforts to increase our nation’s cybersecurity defenses. His bill to enhance cybersecurity assistance to K-12 educational institutions across the country was recently signed into law. Peters’ bipartisan bills to bolster federal cybersecurity and require critical infrastructure owners and operators to report to CISA if they experience a cyber-attack, and other organizations, including nonprofits, many businesses, and state and local governments, to notify the federal government they make a ransom payment have advanced in the Senate. A provision based on Peters’ legislation that would provide additional resources and better coordination to respond to and recover from serious cyber-attacks that threaten national security passed the Senate as a part of the bipartisan infrastructure bill. Peters is also conducting an investigation into the role cryptocurrencies continue to play in emboldening and incentivizing cybercriminals to commit ransomware attacks.
###