Strengthening Cyber Resilience Against State-Sponsored Threats Act

This bill aims to protect U.S. critical infrastructure (like power, water, transportation, and hospitals) from state‑sponsored cyber threats from China, including the group known as “Volt Typhoon.” It creates a joint task force to coordinate federal efforts, study the risks, and recommend fixes. The task force is led by the Cybersecurity and Infrastructure Security Agency (CISA) and works with the FBI and other federal agencies that oversee key infrastructure sectors to detect, analyze, and respond to these threats .

The task force must share and review information across agencies, protect classified data, and report on what it learns. It will deliver a first report 540 days after it is set up, then yearly reports for five years. Each report comes with a classified briefing for Congress and an unclassified summary the public can read on the Department of Homeland Security website. The reports will cover sector‑by‑sector risks, what resources are needed, how attacks could disrupt daily life and even military movement, and practical steps owners and operators can take. The task force must also propose a one‑time awareness campaign to help infrastructure owners and operators find federal security help. The task force ends after its final required briefing .

Key points

• Who is affected: Federal cybersecurity teams (CISA, FBI and others) and owners/operators of critical infrastructure; the public benefits from stronger protections .
• What changes: A new task force coordinates defenses, shares information, studies risks, and publishes public summaries with recommendations; it also plans an awareness campaign for infrastructure operators .
• When: Task force set up within 120 days of enactment; first report due 540 days after that; annual reports for five years; public summaries posted after each report; task force ends after the final briefing .