National Risk Management Act of 2023

This bill requires the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security (DHS) to establish a recurring process to identify and assess risks to critical infrastructure and requires the President to deliver to Congress a national critical infrastructure resilience strategy designed to address the risks identified.

The process must include elements to

• collect relevant information from Sector Risk Management Agencies relating to the threats, vulnerabilities, and consequences related to the particular sectors of such agencies;
• allow critical infrastructure owners and operators to submit relevant information to DHS for consideration; and
• outline how DHS will solicit input from other federal departments and agencies.

DHS must brief the Senate and House homeland security committees on (1) the national risk management process activities undertaken pursuant to the strategy, and (2) the amounts and timeline for funding that DHS has determined would be necessary to address risks of cybersecurity threats and physical threats and successfully execute the full range of activities proposed by the strategy.