FEMA Cybersecurity Improvement Act
- Bill Number
- H.R. 4579
- Origin Chamber
- House
- Congress
- 119th Congress, Session 1
- Policy Area
- Emergency Management
- Status
- Introduced
- Latest Action
- 2025-07-22: Referred to the Subcommittee on Emergency Management and Technology.
- Last Updated
- 2026-05-16T08:07:13Z
AI-Generated Summary
Purpose
The FEMA Cybersecurity Improvement Act (H.R. 4579) aims to strengthen the Federal Emergency Management Agency's (FEMA) ability to address cybersecurity threats by incorporating risk mitigation into its core responsibilities. This helps ensure that cyber incidents do not disrupt emergency response operations.
Key Provisions
- Amendment to Responsibilities: Updates section 523(a) of the Homeland Security Act of 2002 to explicitly include "mitigating cybersecurity risks" (defined in section 2200 of that Act as threats to information systems) as a primary duty of FEMA, focusing on risks that could hinder agency operations.
- Reporting Requirement: Within one year of enactment, the FEMA Administrator must submit a report to specified congressional committees (House Committee on Homeland Security, House Committee on Transportation and Infrastructure, and Senate Committee on Homeland Security and Governmental Affairs). The report, developed in consultation with the Director of the Cybersecurity and Infrastructure Security Agency (CISA), will detail FEMA's progress in addressing cybersecurity risks under the new provision.
Significant Changes to Existing Law
- Expands FEMA's listed primary responsibilities in the Homeland Security Act by inserting a new paragraph (3) specifically for cybersecurity risk mitigation, shifting previously numbered paragraphs accordingly.
- Removes outdated language referencing the pre-enactment date, making the provision more current and forward-looking.
- Introduces a mandatory progress report, which was not previously required for this area of FEMA's operations.
Potential Impacts
- On Government Agencies: Enhances FEMA's operational resilience against cyber threats, potentially improving coordination with CISA and the Department of Homeland Security (DHS). This could lead to better integration of cybersecurity into emergency preparedness and response planning.
- On Citizens: Indirectly benefits the public by reducing the risk of cyber disruptions to disaster response services, such as during natural disasters or other emergencies, ensuring more reliable federal aid.
- On International Relations: Minimal direct impact, though stronger U.S. cybersecurity in emergency management could support broader national security efforts in international disaster response collaborations.
Main Stakeholders Affected
- FEMA and DHS: Directly tasked with implementing the new responsibilities and reporting.
- CISA: Involved in consultation for the report, promoting inter-agency collaboration on cybersecurity.
- Congressional Committees: Receive oversight reports, influencing future funding and policy decisions.
- State and Local Emergency Managers: May see indirect effects through improved federal support in cyber-resilient disaster planning.
- Cybersecurity Experts and Private Sector: Could be engaged in supporting FEMA's mitigation efforts.
Notable Legal, Constitutional, or Political Implications
- Legal: Reinforces FEMA's authority under existing DHS frameworks without creating new agencies or budgets, relying on amendments to streamline responsibilities. The reference to section 2200 ensures consistent terminology for "cybersecurity risks" across federal law.
- Constitutional: Aligns with Congress's enumerated powers over national defense and interstate commerce by bolstering federal emergency management against modern threats; no apparent conflicts with state powers or individual rights.
- Political: Signals bipartisan interest in cybersecurity (introduced by Rep. Thompson of Mississippi), potentially paving the way for increased funding or further legislation. It emphasizes proactive risk management in a high-priority area like homeland security, amid growing concerns over cyber vulnerabilities in critical infrastructure.
This summary was generated by AI and may contain inaccuracies. Refer to the official source document for the authoritative text.
Sponsor
Rep. Thompson, Bennie G. [D-MS-2]
Recent Actions
- 2025-07-22: Referred to the Subcommittee on Emergency Management and Technology.
- 2025-07-22: Referred to the Subcommittee on Economic Development, Public Buildings, and Emergency Management.
- 2025-07-21: Referred to the Committee on Homeland Security, and in addition to the Committee on Transportation and Infrastructure, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.
- 2025-07-21: Referred to the Committee on Homeland Security, and in addition to the Committee on Transportation and Infrastructure, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.
- 2025-07-21: Introduced in House
- 2025-07-21: Introduced in House
Bill Versions
- FEMA Cybersecurity Improvement Act — issued 2025-07-21 — PDF (3 pages)