The Wavelength

U.S. Senate Sends Cybersecurity Omnibus Package To House

FTC settles with Weight Watchers over COPPA violations; U.S. tightens its buy domestic requirements

Michael Kans
Mar 07, 2022

The Wavelength is now a subscription newsletter, so if you want access to all the content, subscribe today. And, it bears mention that content on technology policy, politics, and law that preceded the Wavelength can be found on my blog.

Last week, by unanimous consent, the United States (U.S.) Senate passed a sprawling package that aims to remedy and rectify U.S. government and private sector cybersecurity. While most of the bill focuses on the new standards for cybersecurity and information security U.S. government agencies would need to meet, the inclusion of cyber incident and ransomware reporting legislation bears directly on many private sector entities. The U.S. House has passed companion legislation on the same issues in discrete parts, but the timeline for action in that chamber is unclear and probably hinges on final agreement between the stakeholders in Congress and the Biden Administration. However, there are rumblings that some Republicans and, if I had to speculate, many industry stakeholders, notably companies contracting with the federal government, are opposed to many of the reforms of U.S. government cybersecurity on the grounds they unfairly and needlessly burden businesses and harm innovation.

In passing its omnibus bill, the Senate acted under the specter of a massive Russian cyber attack on Ukraine and western supporters that most stakeholders feared. As Senate Majority Leader Chuck Schumer (D-NY) said at the beginning of debate:

As the war in Ukraine goes on and as Putin mounts his illegal, immoral, and unprovoked attack, he is escalating cyber attacks on democracies around the world. So, as the need to protect this country from cyber attack is always very, very, very important, it has assumed even greater importance now with Putin's fighting in Ukraine and threatening cyber attacks throughout the world.

The “Strengthening American Cybersecurity Act of 2022” (S.3600) combines revised versions of the Senate’s Federal Information Security Modernization Act (FISMA) reform, cyber incident reform legislation, and a codification of the Federal Risk and Authorization Management Program (FedRAMP). As noted, this bill was moved by unanimous consent, the least contentious manner in which to pass legislation in the body, which signals wide support.

The House’s bill, the “Federal Information Security Modernization Act of 2022” (H.R.6497), does not have a cyber incident reporting bill or a FedRAMP authorization. It is, however, very similar to the Senate’s FISMA revamp. Having said all that, the House passed bills last year very similar to the two other pieces of S.3600. The “Cyber Incident Reporting for Critical Infrastructure Act of 2021” (H.R.5440) was added to the “FY 2022 National Defense Authorization Act” (NDAA) (P.L. 117-81) (H.R.4350) but was not part of the final FY 2022 NDAA (see here for more on why a cyber incident reporting bill was left out). Additionally, the “FedRAMP Authorization Act” (H.R.21) was one of the first bills the House sent the Senate at the beginning of the current Congress. However, this post will not address the FedRAMP portion of S.3600 or the House’s standalone bill.
