New legislation introduced on July 15 by Rep. Eric Swalwell, D-Calif., aims to mandate penetration testing and other proactive cyber defense measures for some Federal agency networks, and to give the National Cyber Director (NCD) the authority to weed out risk conflicts between agencies that have overlapping cybersecurity missions.
The Proactive Cyber Initiatives Act of 2022, Rep. Swalwell’s office said, is a “bill that invests in innovative cybersecurity methods to ensure we are fixing cyber vulnerabilities before our adversaries.”
Among other provisions, the bill would:
- Mandate penetration testing for “moderate to high-risk government systems” and provide agencies with recommendations for needed authorities and resources;
- Give the NCD authority to “clear up risk conflicts between agencies with overlapping cyber jurisdiction”;
- Require Federal agencies to “report on proactive cyber methods such as deception technologies, continuous monitoring, and proportional actions taken in response to an unlawful breach”; and
- Require new recommendations on cyber risk mitigation.
The bill’s call for penetration testing of Federal agency network defenses tracks with…
