S4565Referred to Committee

Strengthening Cyber Resilience Against State-Sponsored Threats Act

Share:
Introduced
In Committee
3
Passed One Chamber
4
Passed Both
5
Signed into Law
119th
Congress
2026-05-19
Introduced
0
Cosponsors
S
Type

Sponsor

Rick Scott
Rick Scott
Republican · FL · Senator
Votes with party: 33.2% (322 recorded votes)

Full profile: /officials/S001217

Source: Congress.gov · FEC

Cosponsors (0)

Members who have signed on to support this bill since introduction. Source: Congress.gov.

No cosponsors on record. Bills can pass without cosponsors — this often means the sponsor introduced the bill alone, either because it's a messaging bill, a chairman's mark, or simply early in the legislative cycle.

Latest Action

The most recent step in the bill's legislative path. Committee Activity below shows referrals and reports; the full action-by-action history including floor proceedings lives at Congress.gov →

Read twice and referred to the Committee on Homeland Security and Governmental Affairs.

2026-05-19

Source: Congress.gov

Committee Activity

Currently in

Plain-English Summary

The government would create a task force to investigate and report on cyberattacks against America's critical infrastructure—like power grids, water systems, and communications networks—that are carried out by Chinese state-sponsored hackers. This effort would help federal agencies understand the scope and methods of these attacks so they can better protect essential services that millions of Americans depend on daily. The task force would need to deliver detailed findings to Congress about what's happening and how to defend against future threats.

AI-assisted summary generated from the official bill metadata (title, subjects, actions) sourced from Congress.gov. Cached and reviewed. Always verify against the official text linked below.

Full Bill Text

Verbatim text published on Congress.gov via GovInfo. Use Cmd+F / Ctrl+F to search within this excerpt.

[Congressional Bills 119th Congress] [From the U.S. Government Publishing Office] [S. 4565 Introduced in Senate (IS)] <DOC> 119th CONGRESS 2d Session S. 4565 To ensure the security and integrity of United States critical infrastructure by establishing an interagency task force and requiring a comprehensive report on the targeting of United States critical infrastructure by People's Republic of China state-sponsored cyber actors, and for other purposes. _______________________________________________________________________ IN THE SENATE OF THE UNITED STATES May 19, 2026 Mr. Scott of Florida introduced the following bill; which was read twice and referred to the Committee on Homeland Security and Governmental Affairs _______________________________________________________________________ A BILL To ensure the security and integrity of United States critical infrastructure by establishing an interagency task force and requiring a comprehensive report on the targeting of United States critical infrastructure by People's Republic of China state-sponsored cyber actors, and for other purposes. Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, SECTION 1. SHORT TITLE. This Act may be cited as the ``Strengthening Cyber Resilience Against State-Sponsored Threats Act''. SEC. 2. INTERAGENCY TASK FORCE AND REPORT ON THE TARGETING OF UNITED STATES CRITICAL INFRASTRUCTURE BY PEOPLE'S REPUBLIC OF CHINA STATE-SPONSORED CYBER ACTORS. (a) Definitions.--In this section: (1) Appropriate congressional committees.--The term ``appropriate congressional committees'' means-- (A) the Committee on Homeland Security and Governmental Affairs, the Committee on the Judiciary, and the Select Committee on Intelligence of the Senate; and (B) the Committee on Homeland Security, the Committee on the Judiciary, and the Permanent Select Committee on Intelligence of the House of Representatives. (2) Asset.--The term ``asset'' means a person, structure, facility, information, material, equipment, network, or process, whether physical or virtual, that enables the services, functions, or capabilities of an organization. (3) Critical infrastructure.--The term ``critical infrastructure'' has the meaning given the term in section 1016(e) of the Critical Infrastructures Protection Act of 2001 (42 U.S.C. 5195c(e)). (4) Cybersecurity threat.--The term ``cybersecurity threat'' has the meaning given the term in section 2200 of the Homeland Security Act of 2002 (6 U.S.C. 650). (5) Director.--The term ``Director'' means the Director of the Cybersecurity and Infrastructure Security Agency. (6) Homeland security enterprise.--The term ``Homeland Security Enterprise'' has the meaning given the term in section 2200 of the Homeland Security Act of 2002 (6 U.S.C. 650). (7) Incident.--The term ``incident'' has the meaning given the term in section 2200 of the Homeland Security Act of 2002 (6 U.S.C. 650). (8) Information sharing.--The term ``information sharing'' means the bidirectional sharing of timely and relevant information concerning a cybersecurity threat posed by a State- sponsored cyber actor of the People's Republic of China to United States critical infrastructure. (9) Intelligence community.--The term ``intelligence community'' has the meaning given the term in section 3(4) of the National Security Act of 1947 (50 U.S.C. 3003(4)). (10) Locality.--The term ``locality'' means any local government authority or agency or component thereof within a State having jurisdiction over matters at a county, municipal, or other local government level. (11) Secretary.--The term ``Secretary'' means the Secretary of Homeland Security. (12) Sector.--The term ``sector'' means a collection of assets, systems, networks, entities, or organizations that provide or enable a common function for national security (including national defense and continuity of Government), national economic security, national public health or safety, or any combination thereof. (13) Sector risk management agency.--The term ``Sector Risk Management Agency'' has the meaning given the term in section 2200 of the Homeland Security Act of 2002 (6 U.S.C. 650). (14) State.--The term ``State'' means any State of the United States, the District of Columbia, the Commonwealth of
Show the remaining 1,313 words
Puerto Rico, the Northern Mariana Islands, the United States Virgin Islands, Guam, American Samoa, and any other territory or possession of the United States. (15) Systems.--The term ``systems'' means a combination of personnel, structures, facilities, information, materials, equipment, networks, or processes, whether physical or virtual, integrated or interconnected for a specific purpose that enables the services, functions, or capabilities of an organization. (16) Task force.--The term ``task force'' means the joint interagency task force established under subsection (b). (17) United states.--The term ``United States'', when used in a geographic sense, means any State of the United States. (18) Volt typhoon.--The term ``Volt Typhoon'' means the People's Republic of China State-sponsored cyber actor described in the Cybersecurity and Infrastructure Security Agency cybersecurity advisory entitled ``PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure'', issued on February 07, 2024, or any successor advisory. (b) Interagency Task Force.--Not later than 120 days after the date of enactment of this Act, the Secretary, acting through the Director, in consultation with the Attorney General, the Director of the Federal Bureau of Investigation, and the heads of appropriate Sector Risk Management Agencies as determined by the Director, shall establish a joint interagency task force to facilitate collaboration and coordination among the Sector Risk Management Agencies assigned a Federal role or responsibility in National Security Memorandum-22, issued April 30, 2024 (relating to critical infrastructure security and resilience), or any successor document, to detect, analyze, and respond to the cybersecurity threat posed by State-sponsored cyber actors, including Volt Typhoon, of the People's Republic of China by ensuring that the actions of those agencies are aligned and mutually reinforcing. (c) Chairs.-- (1) Chairperson.--The Director, or the designee of the Director, shall serve as the Chairperson of the task force. (2) Vice chairperson.--The Director of the Federal Bureau of Investigation, or the designee of the Director, shall serve as the Vice Chairperson of the task force. (d) Composition.-- (1) In general.--The task force shall consist of appropriate representatives of the departments and agencies specified in subsection (b) appointed by the Chairperson in consultation with the Vice Chairperson. (2) Qualifications.--To materially assist in the activities of the task force, representatives under paragraph (1) shall be subject matter experts who have familiarity and technical expertise regarding cybersecurity, digital forensics, or threat intelligence analysis, or in-depth knowledge of the tactics, techniques, and procedures commonly used by State-sponsored cyber actors, including Volt Typhoon, of the People's Republic of China. (e) Vacancy.--Any vacancy occurring in the membership of the task force shall be filled in the same manner in which the original appointment was made. (f) Establishment Flexibility.--To avoid redundancy, the task force may coordinate with any preexisting task force, working group, or cross-intelligence effort within the Homeland Security Enterprise or the intelligence community that has examined or responded to the cybersecurity threat posed by State-sponsored cyber actors, including Volt Typhoon, of the People's Republic of China. (g) Task Force Reports; Briefing.-- (1) Initial report.--Not later than 540 days after the establishment of the task force, the task force shall submit to the appropriate congressional committees the first report containing the initial findings, conclusions, and recommendations of the task force. (2) Annual report.--Not later than 1 year after the date of the submission of the initial report under paragraph (1), and annually thereafter for 5 years, the task force shall submit to the appropriate congressional committees an annual report containing the findings, conclusions, and recommendations of the task force. (3) Contents.--The reports under this subsection shall include the following: (A) An assessment at the lowest classification feasible of the sector-specific risks, trends relating to incidents impacting sectors, and tactics, techniques, and procedures utilized by or relating to State-sponsored cyber actors, including Volt Typhoon, of the People's Republic of China. (B) An assessment of additional resources and authorities needed by Federal departments and agencies to better counter the cybersecurity threat posed by State-sponsored cyber actors, including Volt Typhoon, of the People's Republic of China. (C) A classified assessment of the extent of potential destruction, compromise, or disruption to United States critical infrastructure by State- sponsored cyber actors, including Volt Typhoon, of the People's Republic of China in the event of a major crisis or future conflict between the People's Republic of China and the United States. (D) A classified assessment of the ability of the United States to counter the cybersecurity threat posed by State-sponsored cyber actors, including Volt Typhoon, of the People's Republic of China in the event of a major crisis or future conflict between the People's Republic of China and the United States, including with respect to different cybersecurity measures and recommendations that could mitigate such a threat. (E) A classified assessment of the ability of State-sponsored cyber actors, including Volt Typhoon, of the People's Republic of China to disrupt operations of the United States Armed Forces by hindering mobility across critical infrastructure such as rail, aviation, and ports, including how such disruption would impair the ability of the United States Armed Forces to deploy and maneuver forces effectively. (F) A classified assessment of the economic and social ramifications of a disruption to 1 or multiple United States critical infrastructure sectors by State- sponsored cyber actors, including Volt Typhoon, of the People's Republic of China in the event of a major crisis or future conflict between the People's Republic of China and the United States. (G) Such recommendations as the task force may have for the Homeland Security Enterprise, the intelligence community, or critical infrastructure owners and operators to improve the detection and mitigation of the cybersecurity threat posed by State-sponsored cyber actors, including Volt Typhoon, of the People's Republic of China. (H) A one-time plan for an awareness campaign to familiarize critical infrastructure owners and operators with security resources and support offered by Federal departments and agencies to mitigate the cybersecurity threat posed by State-sponsored cyber actors, including Volt Typhoon, of the People's Republic of China. (4) Briefing.--Not later than 30 days after the date of the submission of each report under this subsection, the task force shall provide to the appropriate congressional committees a classified briefing on the findings, conclusions, and recommendations of the task force. (5) Form.--Each report under this subsection shall be submitted in classified form, consistent with the protection of intelligence sources and methods, but may include an unclassified executive summary. (6) Publication.--The unclassified executive summary of each report required under this subsection shall be published on a publicly accessible website of the Department of Homeland Security. (h) Access to Information.-- (1) In general.--The Secretary, the Director, the Attorney General, the Director of the Federal Bureau of Investigation, and the heads of appropriate Sector Risk Management Agencies, as determined by the Director, shall provide to the task force such information, documents, analysis, assessments, findings, evaluations, inspections, audits, or reviews relating to efforts to counter the cybersecurity threat posed by State- sponsored cyber actors, including Volt Typhoon, of the People's Republic of China as the task force considers necessary to carry out this section. (2) Receipt, handling, storage, and dissemination.-- Information, documents, analysis, assessments, findings, evaluations, inspections, audits, and reviews described in this subsection shall be received, handled, stored, and disseminated only by members of the task force consistent with all applicable statutes, regulations, and Executive orders. (3) Security clearances for task force members.--No member of the task force may be provided with access to classified information under this section without the appropriate security clearances. (i) Termination.--The task force, and all the authorities of this section, shall terminate on the date that is 60 days after the final briefing required under subsection (g)(4). (j) Exemption From FACA.--Chapter 10 of title 5, United States Code, shall not apply to the task force. (k) Exemption From Paperwork Reduction Act.--Chapter 35 of title 44, United States Code (commonly known as the ``Paperwork Reduction Act''), shall not apply to the task force. <all>
Open clean-text viewRead on Congress.gov →

Related legislation

Bills by the same sponsor or covering overlapping subjects.