The Senate Committee on Homeland Security and Governmental Affairs passed multiple cybersecurity bills, including the Cybersecurity Vulnerability Identification and Notification Act of 2019 and the Cybersecurity State Coordinator Act of 2020 at a March 11 markup.
The Cybersecurity Vulnerability Identification and Notification Act, and its companion bill in the House, gives the Cybersecurity and Infrastructure Security Agency (CISA) the legal authority to notify public and private sector organizations about entities put at risk by cybersecurity vulnerabilities.
“This is the authority that [CISA Director] Chris Krebs came to us asking for,” Chairman Ron Johnson, R-Wis., said. “In order to keep this nation safe and secure, they [CISA officials] need the ability to actually notify the person that they know is being attacked. Right now, they don’t have that capability. So, this is an incredibly important piece of legislation.”
The Cybersecurity State Coordinator Act establishes a new program within CISA to provide each state with a Federally funded Cybersecurity Coordinator to prevent and respond to cybersecurity threats. It’s meant to supplement the funding and resource challenges faced by state and local officials as they attempt to protect government cyber from malicious actors.
As one of the sponsors of the bill Sen. Maggie Hassan, D-N.H., explained, “Across the country, state and local governments have been hit really hard by ransomware attacks and other cyberattacks … The bill would install a cybersecurity expert from the Department of Homeland Security in every state in order to help prepare state and local governments for cyberattacks and to help them recover quickly when those attacks do in fact occur.”
“This markup is an indication of how we can work together. Sometimes when we come into these there’s some big differences between us, but we always try to find that common ground which is important,” Ranking Member Gary Peters, D-Mich., said of the committee’s legislative action.