Combat Emerging Threats to Critical Infrastructure Act of 2026
- Bill Number
- S. 4728
- Origin Chamber
- Senate
- Congress
- 119th Congress, Session 2
- Policy Area
- Government Operations and Politics
- Status
- Introduced
- Latest Action
- 2026-06-10: Read twice and referred to the Committee on Homeland Security and Governmental Affairs.
- Last Updated
- 2026-07-06T19:45:52Z
AI-Generated Summary
Purpose This legislation directs the Director of the Cybersecurity and Infrastructure Security Agency (CISA) to update existing sector-specific plans for critical infrastructure. The updates focus on addressing risks from disruptive technologies, such as artificial intelligence and quantum computing, to strengthen resilience across designated sectors.
Key Provisions
- Sector Plan Updates: Within one year of enactment, the Director must revise plans for all 16 critical infrastructure sectors listed in National Security Memorandum 22 (Chemical, Commercial Facilities, Communications, Critical Manufacturing, Dams, Defense Industrial Base, Emergency Services, Energy, Financial Services, Food and Agriculture, Government Services and Facilities, Healthcare and Public Health, Information Technology, Nuclear Reactors Materials and Waste, Transportation Systems, and Water and Wastewater).
- Technology-Specific Requirements: Each updated plan must include risk management practices for threats involving artificial intelligence, including sabotage of AI systems or supply chains, AI-enabled cyberattacks, cloud architecture and robotics risks, zero-trust principles, and digitally manipulated content such as deepfakes.
- Financial Sector Coordination: For the Financial Services Sector, the Director must work with the Secretary of the Treasury to assess digital asset vulnerabilities arising from quantum computing.
- Coordination and Reporting: The Director must coordinate with relevant Sector Risk Management Agencies and submit copies of updated plans to designated congressional committees within 30 days of completion.
- Ongoing Reassessment: Every two years after the initial update, the Director must reassess and revise the plans, with corresponding congressional notifications.
Significant Changes to Existing Law The bill adds mandatory timelines and technology-focused content to sector-specific planning processes already referenced under National Security Memorandum 22 and the Homeland Security Act of 2002. It introduces biennial reassessment requirements and specific reporting obligations to multiple congressional committees, expanding the scope of CISA's responsibilities beyond current practices.
Potential Impacts
- Government Agencies: Increases workload for CISA and Sector Risk Management Agencies through required coordination, plan revisions, and interagency information sharing.
- Citizens and Infrastructure Operators: Enhances preparedness against emerging cyber and technology threats, potentially improving the security of essential services such as energy, healthcare, and transportation.
- International Relations: No direct provisions address foreign entities, though improved domestic resilience could indirectly support broader cybersecurity cooperation.
Main Stakeholders Affected
- CISA and its Director
- Designated Sector Risk Management Agencies across federal departments
- Owners and operators of critical infrastructure in the 16 listed sectors
- Multiple congressional committees with oversight roles, including those on homeland security, intelligence, armed services, energy, finance, agriculture, and transportation
Notable Legal, Constitutional, or Political Implications The legislation operates within existing executive authority for critical infrastructure protection and imposes no apparent constitutional conflicts. It strengthens congressional oversight through detailed reporting requirements and emphasizes interagency collaboration on technology risks, which may influence future funding and policy priorities in homeland security.
This summary was generated by AI and may contain inaccuracies. Refer to the official source document for the authoritative text.
Sponsor
Recent Actions
- 2026-06-10: Read twice and referred to the Committee on Homeland Security and Governmental Affairs.
- 2026-06-10: Introduced in Senate
Bill Versions
- Combat Emerging Threats to Critical Infrastructure Act of 2026 — issued 2026-06-10 — PDF (10 pages)