Today, U.S. Representative Eric Swalwell, Member of the House Intelligence Committee, introduced the Proactive Cyber Initiatives Act of 2022, a bill that invests in innovative cybersecurity methods to ensure we are fixing cyber vulnerabilities before our adversaries.
The U.S. is hopelessly losing the cybersecurity battle against other nations. In 2018, FBI cybercrime agents estimated that every American should expect that their personal information is already stolen by criminals and on the dark web. This is largely because most current cybersecurity practices are defensive, usually only patching vulnerabilities after they are exploited. More resources and new initiatives are needed to strengthen our cyber posture. This includes increasing federal government penetration testing to internally fix vulnerabilities, utilizing deception techniques to trap bad actors and study their behaviors, and engaging in continuous monitoring to test our systems against millions of distinct inputs.
"Cybercrime is increasingly putting American families, businesses, and government agencies at serious risk. For too long, we have been addressing vulnerabilities only after a breach occurs," said Swalwell. "My bill shifts the focus to one that is more proactive and innovative to protect our most critical infrastructures."
The Proactive Cyber Initiatives Act of 2022 would:
Mandate penetration testing for moderate to high-risk government systems with agency recommendations on needed authorities and resources.
Require agencies to report on proactive cyber methods such as deception technologies, continuous monitoring, and proportional actions taken in response to an unlawful breach.
Grant authority to the National Cyber Director to clear up risk conflicts between agencies with overlapping cyber jurisdiction.
Require experts to study and recommend mitigation of risks to strengthen our cyber infrastructures.