S4728Referred to Committee

Combat Emerging Threats to Critical Infrastructure Act of 2026

Share:
Introduced
In Committee
3
Passed One Chamber
4
Passed Both
5
Signed into Law
119th
Congress
2026-06-10
Introduced
0
Cosponsors
S
Type

Sponsor

Mark R. Warner
Mark R. Warner
Democrat · VA · Senator
Votes with party: 76.3% (803 recorded votes)

Full profile: /officials/W000805

Source: Congress.gov · FEC

Cosponsors (0)

Members who have signed on to support this bill since introduction. Source: Congress.gov.

No cosponsors on record. Bills can pass without cosponsors — this often means the sponsor introduced the bill alone, either because it's a messaging bill, a chairman's mark, or simply early in the legislative cycle.

Latest Action

The most recent step in the bill's legislative path. Committee Activity below shows referrals and reports; the full action-by-action history including floor proceedings lives at Congress.gov →

Read twice and referred to the Committee on Homeland Security and Governmental Affairs.

2026-06-10

Source: Congress.gov

Committee Activity

Currently in

Plain-English Summary

The federal government would update its plans for protecting critical infrastructure sectors like energy, water, and transportation from cyber attacks and physical threats by having the Cybersecurity and Infrastructure Security Agency coordinate with agencies responsible for each sector. These updated plans would help identify vulnerabilities and improve how the government responds to emergencies that could affect essential services that Americans rely on daily. The bill is currently under review by the Senate committee that oversees homeland security matters.

AI-assisted summary generated from the official bill metadata (title, subjects, actions) sourced from Congress.gov. Cached and reviewed. Always verify against the official text linked below.

Full Bill Text

Verbatim text published on Congress.gov via GovInfo. Use Cmd+F / Ctrl+F to search within this excerpt.

[Congressional Bills 119th Congress] [From the U.S. Government Publishing Office] [S. 4728 Introduced in Senate (IS)] <DOC> 119th CONGRESS 2d Session S. 4728 To require the Director of the Cybersecurity and Infrastructure Security Agency to work with Sector Risk Management Agencies to update sector-specific plans, and for other purposes. _______________________________________________________________________ IN THE SENATE OF THE UNITED STATES June 10, 2026 Mr. Warner introduced the following bill; which was read twice and referred to the Committee on Homeland Security and Governmental Affairs _______________________________________________________________________ A BILL To require the Director of the Cybersecurity and Infrastructure Security Agency to work with Sector Risk Management Agencies to update sector-specific plans, and for other purposes. Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, SECTION 1. SHORT TITLE. This Act may be cited as the ``Combat Emerging Threats to Critical Infrastructure Act of 2026''. SEC. 2. DEFINITIONS. In this Act: (1) Artificial intelligence.--The term ``artificial intelligence'' has the meaning given that term in section 5002 of the National Artificial Intelligence Initiative Act of 2020 (15 U.S.C. 9401). (2) Digital asset.--The term ``digital asset'' has the meaning given that term in section 2 of the GENIUS Act (12 U.S.C. 5901). (3) Director.--The term ``Director'' means the Director of the Cybersecurity and Infrastructure Security Agency. (4) National security memorandum 22.--The term ``National Security Memorandum 22'' means the National Security Memorandum on Critical Infrastructure and Resilience (NSM-22), issued April 30, 2024. (5) Sector risk management agency.--The term ``Sector Risk Management Agency'' has the meaning given that term in section 2200 of the Homeland Security Act of 2002 (6 U.S.C. 650). SEC. 3. SECTOR RISK MANAGEMENT AGENCY SECTOR-SPECIFIC PLANS. (a) Update of Sector-Specific Plans.--Not later than 1 year after the date of enactment of this Act, the Director shall update the sector-specific plans for-- (1) the Chemical Sector, as that term is used in National Security Memorandum 22; (2) the Commercial Facilities Sector, as that term is used in National Security Memorandum 22; (3) the Communications Sector, as that term is used in National Security Memorandum 22; (4) the Critical Manufacturing Sector, as that term is used in National Security Memorandum 22; (5) the Dams Sector, as that term is used in National Security Memorandum 22; (6) the Defense Industrial Base Sector, as that term is used in National Security Memorandum 22; (7) the Emergency Services Sector, as that term is used in National Security Memorandum 22; (8) the Energy Sector, as that term is used in National Security Memorandum 22; (9) the Financial Services Sector, as that term is used in National Security Memorandum 22; (10) the Food and Agriculture Sector, as that term is used in National Security Memorandum 22; (11) the Government Services and Facilities Sector, as that term is used in National Security Memorandum 22; (12) the Healthcare and Public Health Sector, as that term is used in National Security Memorandum 22; (13) the Information Technology Sector, as that term is used in National Security Memorandum 22; (14) the Nuclear Reactors, Materials, and Waste Sector, as that term is used in National Security Memorandum 22; (15) the Transportation Systems Sector, as that term is used in National Security Memorandum 22; and (16) the Water and Wastewater Sector, as that term is used in National Security Memorandum 22. (b) Technology-Facilitated Threats.--In carrying out subsection (a)-- (1) each sector-specific plan shall incorporate sector- specific risk management practices to address risks exacerbated or facilitated by disruptive technologies, such as artificial intelligence, including-- (A) malicious activity, sabotage, or efforts to otherwise clandestinely degrade artificial intelligence systems or the supply
Show the remaining 836 words
chain of an artificial intelligence system, including training or test data, frameworks or software libraries, training or inference computing environments, or other components necessary for the training, management, or maintenance of an artificial intelligence system used by an owner or operator of critical infrastructure; (B) malicious activity leveraging artificial intelligence capabilities for computer network exploitation campaigns directed at the networks of owners and operators of critical infrastructure; (C) risks and mitigations associated with the deployment of cloud-based architecture, robotics, and zero trust principles (as defined in NIST Special Publication 800-207 or any successor publication); (D) evolving risks associated with social engineering techniques and digitally manipulated or digitally generated images, audio, video, or text documents; and (E) interagency and public-private information and threat intelligence sharing functions dependent on the organization, funding, and expertise of agencies (as defined in section 4101 of title 5, United States Code); and (2) with respect to the sector-specific plan for the Financial Services Sector pursuant to subsection (a)(9), the Director shall coordinate with the Secretary of the Treasury to develop a process to determine digital asset vulnerabilities relating to cryptographic risks resulting from quantum computing. (c) Interagency Coordination.--In carrying out subsection (a), the Director shall coordinate with each relevant designated Sector Risk Management Agency. (d) Reports to Congress.--Not later than 30 days after the date on which the Director completes the update of the sector-specific plans required under subsection (a), the Director shall-- (1) inform and provide a copy of each sector-specific plan to-- (A) the Committee on Homeland Security and Governmental Affairs of the Senate; (B) the Select Committee on Intelligence of the Senate; (C) the Committee on Homeland Security of the House of Representatives; and (D) the Permanent Select Committee on Intelligence of the House of Representatives; (2) inform and provide a copy of the sector-specific plan for the Defense Industrial Base Sector updated pursuant to subsection (a)(6) to-- (A) the Committee on Armed Services of the Senate; and (B) the Committee on Armed Services of the House of Representatives; (3) inform and provide a copy of the sector-specific plan for the Energy Sector updated pursuant to subsection (a)(8) to-- (A) the Committee on Energy and Natural Resources of the Senate; and (B) the Committee on Energy and Commerce of the House of Representatives; (4) inform and provide a copy of the sector-specific plan for the Financial Services Sector updated pursuant to subsection (a)(9) to-- (A) the Committee on Finance of the Senate; and (B) the Committee on Financial Services of the House of Representatives; (5) inform and provide a copy of the sector-specific plan for the Food and Agriculture Sector updated pursuant to subsection (a)(10) to-- (A) the Committee on Agriculture, Nutrition, and Forestry of the Senate; (B) the Committee on Health, Education, Labor, and Pensions of the Senate; (C) the Committee on Finance of the Senate; (D) the Committee on Agriculture of the House of Representatives; (E) the Committee on Energy and Commerce of the House of Representatives; and (F) the Committee on Ways and Means of the House of Representatives; (6) inform and provide a copy of the sector-specific plan for the Government Services and Facilities Sector updated pursuant to subsection (a)(11) to-- (A) the Committee on Environment and Public Works of the Senate; (B) the Committee on Oversight and Government Reform of the House of Representatives; and (C) the Committee on Transportation and Infrastructure of the House of Representatives; (7) inform and provide a copy of the sector-specific plan for the Healthcare and Public Health Sector updated pursuant to subsection (a)(12) to-- (A) the Committee on Health, Education, Labor, and Pensions of the Senate; (B) the Committee on Finance of the Senate; (C) the Committee on Energy and Commerce of the House of Representatives; and (D) the Committee on Ways and Means of the House of Representatives; (8) inform and provide a copy of the sector-specific plan for the Transportation Systems Sector updated pursuant to subsection (a)(15) to-- (A) the Committee on Commerce, Science, and Transportation of the Senate; and (B) the Committee on Transportation and Infrastructure of the House of Representatives; and (9) inform and provide a copy of the sector-specific plan for the Water and Wastewater Sector updated pursuant to subsection (a)(16) to-- (A) the Committee on Environment and Public Works of the Senate; and (B) the Committee on Transportation and Infrastructure of the House of Representatives. SEC. 4. BIENNIAL REASSESSMENT. (a) In General.--Not later than 2 years after the date on which the Director completes the update of the sector-specific plans required under section 3(a), and not less frequently than once every 2 years thereafter, the Director shall-- (1) conduct a reassessment of each sector-specific plan; and (2) issue revised sector-specific plans. (b) Notification to Congress.--Not later than 30 days after the date on which the Director completes each update of the sector-specific plans required under subsection (a), the Director shall inform and provide copies of each sector-specific plan to the relevant committees of Congress in the manner prescribed under section 3(d). <all>
Open clean-text viewRead on Congress.gov →

Related legislation

Bills by the same sponsor or covering overlapping subjects.