Bill Would Create State Cybersecurity Leader PositionsDHS Would Fund Coordinators for Every State
A bipartisan group of U.S. senators has introduced legislation that would require the Department of Homeland Security to appoint cybersecurity leaders in each state to help combat growing cyberthreats against units of local government.
The Cybersecurity State Coordinator Act of 2020 aims to strengthen state and local governments' response to cybersecurity incidents in a timely manner as well as ensure that threat intelligence is better shared between the state and federal governments, the backers say.
Under the proposed law, the director of Department of Homeland Security's Cybersecurity and Infrastructure Security Agency would be required to appoint an employee of the agency in each state who would serve as cybersecurity state coordinator. The bill also would mandate the federal government earmark funds for the creation of these positions.
Cybersecurity State Coordinators
Under the legislation, the new state-level coordinators would:
- Serve as a principal federal cybersecurity risk adviser and coordinate efforts to support preparation, response and remediation efforts;
- Raise awareness of the financial, technical and operational resources available from the federal government to nonfederal entities;
- Support training, exercises and planning for continuity of operations to expedite recovery from cybersecurity incidents;
- Assist nonfederal entities in developing and coordinating vulnerability disclosure programs consistent with federal and information security industry standards.
The bipartisan bill comes at a time when federal agencies are stepping up their efforts to coordinate the sharing of data and threat intelligence before the November election.
On Jan. 16, for instance, the FBI announced a new policy to give timely breach notifications to state and local officials concerning election hacking and foreign interference. The FBI will also work with the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency to notify state and local officials (see: FBI Promises 'Timely' Election Breach Reports for Officials)
The new bill was introduced by senators Maggie Hassan, D-N.H. and Gary Peters, D-Mich., and is co-sponsored by Republicans John Cornyn of Texas and Rob Portman of Ohio.
Cyberattacks can be devastating - blocking access to public services and schools or shutting down electrical grids. We must ensure that state and local entities have the resources they need to prevent and respond to these attacks. https://t.co/SxbUwlJKI9— Sen. Maggie Hassan (@SenatorHassan) January 17, 2020
This legislation would pave the way for better cybersecurity threat management at the local level, Portman says.
"This bipartisan bill, which creates a cybersecurity state coordinator position, would help bolster state and local governments' cybersecurity by facilitating their relationship with the federal government to ensure they know what preventative resources are available to them as well as who to turn to if an attack occurs," Portman says.
Hassan says she's working with members of the House to introduce similar legislation in that chamber, according to The Hill.
In October, the Senate unanimously passed a related bill, DHS Cyber Hunt and Incident Response Teams Act 2019, which was also sponsored by Hassan and Portman (see: Bill Calling for DHS Cyber Incident Mitigation Teams Advances)
That bill would create teams within the Department of Homeland Security that would help private businesses, as well as state and local government agencies, respond and recover from cyber incidents such as ransomware attacks, and rebuild their infrastructure.
Over the last year, a number of cities and other units of local government have been hit with ransomware that has crippled local infrastructure and disrupted services for citizens (see: New Orleans' Mission: Clean 4,000 Computers in 48 Hours).
In addition to ransomware, lawmakers are raising concerns over what a nation-state attack might mean for state and local governments. At a Congressional hearing earlier this month, security and political experts warned that nation-state attacks and disinformation campaigns against government agencies are likely to surge in the aftermath of Iranian Major General Qasem Soleimani's death (see: Congress Hears Warnings of Iranian Cyberthreats).
In that hearing, experts highlighted a number of the federal government's deficiencies when it comes to countering cyberthreats and requested that Congress devise an effective notification mechanism to alert the public.