Combat Emerging Threats to Critical Infrastructure Act of 2026
Sponsored By: Senator Warner, Mark R. [D-VA]
Introduced
Summary
Requires the Cybersecurity and Infrastructure Security Agency (CISA) Director to update and maintain sector-specific plans to address technology-facilitated threats, with special focus on artificial intelligence, cloud, and supply-chain vulnerabilities. The updates cover 16 named critical infrastructure sectors and create a standing schedule for reassessments and reports.
Show full summary
- Operators and sector managers must adopt updated risk practices that cover AI-driven attacks, degradation of AI systems and supply chains, cloud and robotics risks, zero-trust principles, and digitally manipulated media. The Director must finish initial updates for all 16 sectors within 1 year and reassess each plan at least every 2 years.
- Financial services and digital-asset participants will get targeted analysis: the Director must coordinate with the Secretary of the Treasury to identify cryptographic and quantum-computing vulnerabilities affecting digital assets.
- Federal agencies and private partners must deepen coordination and threat-intelligence sharing. The Director must work with Sector Risk Management Agencies and provide each updated sector plan to the relevant congressional committees within 30 days of completion.
Your PRIA Score
Personalized for You
How does this bill affect your finances?
Sign up for a PRIA Policy Scan to see your personalized alignment score for this bill and every other piece of legislation we track. We analyze your financial profile against policy provisions to show you exactly what matters to your wallet.
Bill Overview
Analyzed Economic Effects
1 provisions identified: 1 benefits, 0 costs, 0 mixed.
Stronger cyber plans for infrastructure
This bill would require CISA to update cybersecurity and resilience plans for 16 named critical infrastructure sectors. CISA would finish the first updates within 1 year of enactment. Plans would address AI and AI supply-chain risks, AI-enabled network exploitation, cloud and robotics risks, and zero-trust principles. Plans would also address social-engineering threats and digitally manipulated media like deepfakes, and strengthen interagency and public-private threat-intelligence sharing. For the Financial Services sector, CISA would coordinate with the Treasury Secretary to identify digital-asset vulnerabilities tied to quantum-era cryptography. CISA would coordinate with Sector Risk Management Agencies, deliver each updated plan to specified congressional committees within 30 days, and reassess and revise plans not later than 2 years after the initial updates and at least once every 2 years thereafter.
Sponsors & CoSponsors
Sponsor
Warner, Mark R. [D-VA]
VA • D
Cosponsors
There are no cosponsors for this bill.
Roll Call Votes
No roll call votes available for this bill.
View on Congress.gov