Get started free →
S 4728 119th Congress · Senate

Bill to Refresh U.S. Cyber Sector Security Plans

Advocate

Official title: A bill to require the Director of the Cybersecurity and Infrastructure Security Agency to work with Sector Risk Management Agencies to update sector-specific plans, and for other purposes.

Analysis by · · + Track this bill

What This Bill Does

This Senate bill would direct the Director of the Cybersecurity and Infrastructure Security Agency (CISA) to work with the federal Sector Risk Management Agencies to update sector-specific plans. Those plans guide how the government and critical infrastructure sectors prepare for and respond to cyber and other infrastructure threats. The measure is aimed at improving coordination across sectors such as energy, transportation, finance, communications, and water. It does not specify a dollar amount in the available legislative actions.

  • Directs CISA to work with Sector Risk Management Agencies
  • Requires updates to sector-specific plans
  • Targets critical infrastructure sectors such as energy, transportation, and communications
  • Aims to improve coordination on cyber and infrastructure threats
  • No dollar amount is specified in the available actions

Who This Bill Affects

Public Relevance 28 / 100
Niche Modest scope Broad

For most people, this bill would affect them indirectly by pushing federal cyber and infrastructure planners to keep sector security plans up to date. If it works as intended, the main benefit would be fewer disruptions to services people depend on, such as power, communications, transportation, and water systems. It would not create a direct payment or eligibility change for the general public, but it could lead to stronger expectations for critical-infrastructure operators and their coordination with federal agencies.

See how this bill affects you — sign in for a personalized analysis

Who Supports & Opposes This

FOR
  • Critical infrastructure operators Operators benefit when federal agencies give clearer, updated guidance on roles, escalation paths, and coordination during cyber incidents. Better sector plans can reduce confusion during emergencies and help limit service outages.
  • Cybersecurity professionals Security experts generally favor regular plan updates because threat actors, software systems, and interdependencies change quickly. Keeping sector plans current can improve preparedness and make response efforts more effective.
  • Consumers and businesses dependent on essential services Households and firms want fewer disruptions to electricity, communications, transportation, and other essential systems. Updated plans may reduce the chance that a cyber incident spreads across sectors and causes broader economic harm.
AGAINST
  • Private-sector infrastructure owners concerned about compliance burden Companies may worry that updated plans will lead to additional coordination requirements, reporting expectations, or operational changes. They may see the bill as adding process without guaranteeing measurable security gains.
  • Budget-conscious policymakers Even without a specified funding amount, recurring plan updates can require staff time, interagency coordination, and administrative resources. Critics may question whether those resources would be better spent on direct security improvements.
  • Industry groups wary of federal overreach Some sectors may prefer flexible, industry-led security practices rather than more detailed federal planning mandates. They may argue that one-size-fits-all sector plans could be too rigid for different operational environments.

Key Implications

  • “work with Sector Risk Management Agencies”

    This means the update process is meant to be interagency, not handled by CISA alone. In practice, that can improve coordination across sectors but also requires multiple agencies to agree on priorities and responsibilities.

  • “update sector-specific plans”

    Sector plans are the playbooks for how different parts of the economy prepare for and respond to threats. Updating them can change how federal and industry partners communicate before, during, and after an incident.

  • “Director of the Cybersecurity and Infrastructure Security Agency”

    CISA would be the lead federal coordinator for this effort. That places the agency at the center of planning for critical infrastructure resilience and cyber incident readiness.

  • “for other purposes”

    This phrase signals that the bill may include related administrative or technical provisions beyond the title. In legislative practice, that can allow the committee to shape the final scope of the measure.

Latest Status

June 10, 2026

Read twice and referred to the Committee on Homeland Security and Governmental Affairs.

Take Action

Get more from BillBoard

Free tools to understand, respond to, and track this bill.

Ask AI about this bill
Email your representative Read full bill text Track this bill

Data sourced from api.congress.gov.

Free to use · No credit card

Understand every bill.
Make your voice count.

BillBoard turns dense U.S. legislation into plain-English summaries, helps you take a stance, and connects you to your representatives — in seconds.

Get started free Analyze this bill →