Sens. Gary Peters, D-Mich., and Rob Portman, R-Ohio, introduced the State and Local Government Cybersecurity Act on June 18.
The bipartisan legislation is intended to strengthen cybersecurity coordination between the Department of Homeland Security (DHS) and state and local governments. The Act would “would encourage national cybersecurity watchdogs to share information regarding cybersecurity threats, vulnerabilities, breaches and resources to prevent and recover from cyber-attacks with states and localities who are increasingly targeted by bad actors,” according to the bill’s cosponsors.
“State and local governments are responsible for safeguarding everything from election systems to an increasing amount of sensitive personal data – from social security numbers and credit card information to detailed medical records,” said Senator Peters, who serves as the Ranking Member of the Senate Homeland Security and Governmental Affairs Committee. “Despite being targeted by hackers and bad actors, states and local communities don’t always have access to the resources and expertise needed to protect your information from a breach. This bill will help strengthen coordination between Federal cybersecurity professionals and state and local governments to address emerging threats and help keep Americans’ information safe.”
The legislation would help improve coordination in a few key ways. First, the bill would permit the National Cybersecurity and Communications Integration Center (NICCIC) to “provide guidance and training, upon request, to state and local governments on combatting cybersecurity threats and safeguarding critical infrastructure.” The bill further authorizes the NICCIC to provide state and local actors with access to “improved security tools, policies and procedures, and encourages collaboration for the effective implementation of those resources, including the ability to conduct joint cyber exercises to test cybersecurity systems.” Peters and Portman also noted that the legislation would build on previous work by the Multi-State Information Sharing and Analysis Center (MS-ISAC), which identified Russia’s attempt to interfere with the U.S. election system, and would strengthen collaboration between the MIS-ISCA and SLGs to “prevent, protect, and respond to future cybersecurity incidents.” The senators said that these changes would “support the cybersecurity needs of election officials and their staffs, providing access to hardware and software products that will allow states and localities to bolster their cyber defenses.”
State and local government cybersecurity leaders stressed the variety of cyberthreats they face and praised the bill for providing more resources and tools to help shore up SLGs’ cybersecurity posture.
“Every day our state and local government networks experience millions of intrusion attempts by those looking to do harm,” said Chris DeRusha, chief security officer for the State of Michigan. “This bill will help the state of Michigan access resources, tools and expertise developed by Federal government and national cybersecurity experts, which will enhance the security of the information Michiganders have entrusted us to keep safe.”
Mark Hackel, Macomb County (Mich.) executive, agreed, “This cooperation with fFderal, state, and local agencies will advance our abilities to fight off cyber threats. In Macomb County, we have been working diligently with our academic partners to train the next generation cybersecurity professional to stay ahead of vulnerabilities and cyber breaches. This next step in collaboration will ensure that knowledge-sharing occurs at all levels of government and is key to our defense against attacks.”
The legislation also received praise from cybersecurity industry groups.
“This important legislation will help to enhance the cybersecurity infrastructure of U.S. state, local, tribal, and territorial governments, which is consistently reported as their least proficient capability,” said John Gilligan, president and CEO of the Center for Internet Security.