Description:
S. 2491 would require the Department of Homeland Security (DHS) to carry out a five-year program to share information about cybersecurity threats and vulnerabilities with the owners of critical infrastructure (such as power generation and water treatment plants). The bill also would require DHS to report on other federal cybersecurity efforts, such as providing safety labels for cybersecurity products and mitigating malicious Internet traffic. Using information from other agencies that share information about cyber threats—including the Department of Defense and the Office of the Director of National Intelligence—CBO anticipates that DHS would need ten full-time employees to create and manage the pilot program required under S. 2491. For this estimate, CBO assumes that the bill will be enacted in fiscal year 2022 and that DHS would begin to operate the pilot program in 2023. CBO estimates that staff salaries and software development costs to share cyber alerts would cost $4 million annually and total $16 million over the 2022-2026 period; such spending would be subject to the availability of appropriated funds.
