$28 Billion for State Security, IT Upgrades ProposedLegislation Based on Cyberspace Solarium Commission's Recommendations
A bipartisan group of federal lawmakers has proposed providing $28 billion to state and local governments to bolster their cybersecurity and IT infrastructures.
See Also: Top 50 Security Threats
The funding would be provided under the State and Local IT Modernization and Cybersecurity Act, introduced Thursday. The proposal is based on recommendations laid out in a recent Cyberspace Solarium Commission report and subsequent white papers. Those documents called for federal aid to assist state and local governments in migrating legacy IT infrastructure to modern, secure platforms, including cloud-based services.
Released in March, the Cyberspace Solarium Commission report described more than 75 recommendations for revitalizing U.S. cybersecurity, with a special emphasis on election security (see: Commission Calls for Revamping US Cybersecurity).
The bill that would provide funding to state and local governments is co-sponsored by Reps. Jim Langevin, D-R.I., and Mike Gallagher, R-Wis., and Sen. Angus King, I-Maine. Gallagher and King served as co-chairs of the Cyberspace Solarium Commission.
Langevin notes the response to the COVID-19 pandemic shows the need to improve secure IT infrastructures at the state and local level to improve services, such as delivering unemployment compensation payments. He adds that reports of foreign governments attempting to steal data related to vaccine research is another reason to bolster cybersecurity (see: DOJ: Chinese Hackers Targeted COVID-19 Vaccine Research).
"In our initial report, the Solarium Commission recognized that outdated state and local government systems were attractive targets for our adversaries and that we needed to help them migrate to secure, cloud-based infrastructure," says Langevin, who sat on the commission. "COVID-19 has made it apparent how much legacy IT is affecting state and local governments operationally. We need immediate investments to ensure state and local employees can safely work remotely, and we need IT modernization strategies to ensure that essential services, like unemployment insurance, can be provided to Americans in need."
The bill proposes creating two programs to distribute federal funds to state and local governments. The "Modernizing Information Technology Program" would create a $25 billion fund to purchase new and more secure platforms, while the "Public Health Emergency Information Technology Grant Program" would include $1 billion to address immediate challenges to IT systems affected by the COVID-19 pandemic.
The bill also would create a "State and Local Cybersecurity Grant Program" that would provide money to states to address other cybersecurity issues, such as risks to local infrastructure. The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency would distribute $2 billion over four years to the states.
"Outdated legacy systems not only threaten state and local governments' ability to deliver critical services, but can also expose sensitive data to cyberthreats," Gallagher says.
The bill won praise from Doug Robinson, the executive director of the National Association of State Chief Information Officers.
"As states are charged with administering critically important federal programs and benefits, this legislation aims to make significant investments in modernizing state and local IT infrastructure," Robinson says.
Republicans and Democrats in the House have introduced the National Cyber Director Act, which calls for restoring the cybersecurity director position within the White House, which was eliminated by the Trump administration. Similar legislation introduced earlier failed to advance (see: Congress Debates Renewal of National Cyber Director Role).
The re-establishment of a cybersecurity director position is another recommendation contained in the Cyberspace Solarium Commission report.