Proactive Cyber Initiatives Act of 2022

This bill addresses proactive cybersecurity initiatives.

Specifically, each department or agency must (1) conduct regular penetration testing on the information systems of such department or agency; and (2) provide to the Cybersecurity and Infrastructure Security Agency (CISA) and the Office of Management and Budget a report on the results of such testing, including identifying any risks discovered and describing how cybersecurity may be improved.

CISA must issue guidance to facilitate the implementation of such requirements.

Further, CISA must report to Congress, including an analysis of

• whether increased engagement is needed from national laboratories and the private sector to assist with the protection of the information systems of agencies through the use of active defense techniques, deception technologies, and penetration testing;
• the feasibility and benefits of consolidating within CISA proactive cybersecurity initiatives; and
• whether CISA requires additional authorities or resources to carry out proactive cybersecurity initiatives for agencies.

The bill directs the Office of the National Cyber Director to deconflict overlapping cybersecurity jurisdiction between agencies.

The Government Accountability Office must report to Congress on penetration testing and active defense techniques, and study innovative uses of proactive cybersecurity initiatives.