Strengthening Cyber Resilience Against State-Sponsored Threats Act

The Strengthening Cyber Resilience Against State-Sponsored Threats Act would create a new interagency task force led by the Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security, with the FBI as vice chair. The task force would bring together senior officials and subject-matter experts from relevant federal agencies to detect, analyze, and respond to cyber threats from state-sponsored actors in the People’s Republic of China, specifically naming Volt Typhoon as a focus. The bill requires a comprehensive, multi-year reporting effort—including an initial report within 540 days and annual reports for five years—that assesses sector-specific risks, identifies needed resources, and provides classified assessments of potential disruption or destruction to U.S. critical infrastructure and national security capabilities. Unclassified executive summaries would be published publicly, while the reports themselves would be classified, with necessary briefings to Congress. The measure also sets governance rules for the task force (chair and vice chair roles, membership, access to information, and security requirements), allows coordination with existing interagency efforts to avoid duplication, and provides a one-time awareness campaign for critical infrastructure owners and operators about available federal security resources. The act includes exemptions from the Federal Advisory Committee Act and the Paperwork Reduction Act, and it would terminate 60 days after the final briefing. The bill defines several terms and identifies which congressional committees have oversight.