9–8–8 Lifeline Cybersecurity Responsibility Act

Mar 12, 2025

Summary

Requires the 9-8-8 suicide prevention lifeline to protect against cyberattacks and report any security problems to the government quickly.

What problem does this solve?

The 9-8-8 suicide prevention lifeline handles sensitive information but lacks specific rules to protect it from cyberattacks. This bill adds requirements for the lifeline to improve its cybersecurity and report any security issues within 24 hours.

What does this bill do?

Mandatory 24-hour incident reporting
Forces local crisis centers and the national network administrator to report any identified cybersecurity problems or attacks to the government within 24 hours of discovering them.

Coordination with federal cybersecurity experts
Requires the 9-8-8 program to work with the Chief Information Security Officer of the Department of Health and Human Services to protect the network from cyber threats and fix known security weaknesses.

Study on cybersecurity risks
Directs the Comptroller General to conduct a study evaluating the cybersecurity risks and weaknesses of the 9-8-8 lifeline and report the findings to Congress within 180 days.

Clarifies technology oversight responsibilities
Specifies that local crisis centers are responsible for their own technology, unless the national network administrator is given that responsibility in their participation agreement.

Who does this affect?

  • Individuals using the 9-8-8 suicide prevention lifeline
  • Local and regional crisis centers
  • The 9-8-8 network administrator

What is the real world impact?

Protects sensitive personal data
Ensures that personal information shared by people in crisis with the 9-8-8 lifeline is kept safe from hackers and that the service remains available without disruption from cyberattacks.

When does this start?

The new rules will start as soon as the bill becomes law, but one action has a specific deadline.
Cybersecurity risk study deadline
The Comptroller General must complete a study on the lifeline's cybersecurity risks and report to Congress within 180 days after the bill becomes law.