Bill Summary
The "FEMA Cybersecurity Improvement Act" is a legislative proposal aimed at enhancing the Federal Emergency Management Agency's (FEMA) ability to address and mitigate cybersecurity risks that could disrupt its operations. The bill amends the Homeland Security Act of 2002 by adding a specific provision that emphasizes the importance of cybersecurity risk mitigation within FEMA's mandate.
Key provisions of the bill include:
1. **Amendment to Existing Law**: The act modifies an existing section of the Homeland Security Act to explicitly include the mitigation of cybersecurity risks as a responsibility of FEMA.
2. **Reporting Requirement**: Within one year of the bill's enactment, the Administrator of FEMA is required to report to several congressional committees on the agency's efforts and progress in addressing these cybersecurity risks, in collaboration with the Cybersecurity and Infrastructure Security Agency (CISA).
Overall, this legislation underscores the growing importance of cybersecurity in ensuring the continuity and effectiveness of emergency management operations.
Possible Impacts
The "FEMA Cybersecurity Improvement Act" aims to enhance the Federal Emergency Management Agency's (FEMA) ability to mitigate cybersecurity risks. Here are three examples of how this legislation could affect people:
1. **Improved Emergency Response**: By mandating FEMA to focus on mitigating cybersecurity risks, the legislation could lead to more robust and secure systems for emergency response. This means that in the event of a natural disaster or emergency, communication and coordination among federal, state, and local agencies would be less likely to be disrupted by cyberattacks, ultimately leading to more effective disaster management and quicker assistance to affected individuals.
2. **Increased Public Trust**: As FEMA enhances its cybersecurity measures, the public may have greater confidence in the agency's ability to protect sensitive information and ensure the integrity of emergency services. This trust could encourage more individuals to engage with FEMA programs, report emergencies, and participate in preparedness initiatives, leading to a more informed and resilient community.
3. **Protection of Critical Infrastructure**: The legislation emphasizes the importance of mitigating cybersecurity risks that could impede FEMA operations. This focus could extend to protecting critical infrastructure related to disaster response (e.g., power grids, communication networks). For citizens, this means a lower likelihood of service disruptions during disasters caused by cyber threats, ensuring that essential services remain operational when they are needed most.
[Congressional Bills 119th Congress]
[From the U.S. Government Publishing Office]
[H.R. 4579 Introduced in House (IH)]
<DOC>
119th CONGRESS
1st Session
H. R. 4579
To amend the Homeland Security Act of 2002 to provide for the
mitigation of cybersecurity risks by the Federal Emergency Management
Agency, and for other purposes.
_______________________________________________________________________
IN THE HOUSE OF REPRESENTATIVES
July 21, 2025
Mr. Thompson of Mississippi introduced the following bill; which was
referred to the Committee on Homeland Security, and in addition to the
Committee on Transportation and Infrastructure, for a period to be
subsequently determined by the Speaker, in each case for consideration
of such provisions as fall within the jurisdiction of the committee
concerned
_______________________________________________________________________
A BILL
To amend the Homeland Security Act of 2002 to provide for the
mitigation of cybersecurity risks by the Federal Emergency Management
Agency, and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``FEMA Cybersecurity Improvement
Act''.
SEC. 2. MITIGATING CYBERSECURITY RISKS.
(a) In General.--Subsection (a) of section 523 of the Homeland
Security Act of 2002 (6 U.S.C. 321l) is amended--
(1) in the matter preceding paragraph (1), by striking ``as
of the day before the date of the enactment of this section,'';
(2) by redesignating paragraphs (3) through (8) as
paragraphs (4) through (9), respectively; and
(3) by inserting after paragraph (2) the following new
paragraph:
``(3) mitigating cybersecurity risks (as such term is
defined in section 2200) that could impede Agency
operations;''.
(b) Plan for FEMA Cybersecurity.--Not later than one year after the
date of the enactment of this section, the Administrator of the Federal
Emergency Management Agency, in consultation with the Director of the
Cybersecurity and Infrastructure Security Agency, shall submit to the
Committee on Homeland Security and the Committee on Transportation and
Infrastructure of the House of Representatives and the Committee on
Homeland Security and Governmental Affairs of the Senate a report on
the progress of Agency efforts to mitigate cybersecurity risks within
the Agency in accordance with paragraph (3) of section 523(a) of the
Homeland Security Act of 2002, as amended by subsection (a).
<all>