- A reintroduced cybersecurity bill hopes to help state and local governments fight against the increasing number of cybersecurity threats.
The State and Local Cyber Protection Act will require more coordination with the Department of Homeland Security (DHS), such as better assistance and training for state, local, and tribal governments in their cybersecurity measures.
Senator Gary Peters, a member of the Senate Armed Services and Homeland Security Committees, was one of the lawmakers who reintroduced the bill. He maintained that the US is facing an “ever-growing threat from increasingly sophisticated cyber attacks.”
“State and local governments face unique cybersecurity threats that can endanger critical infrastructure, as well as residents’ sensitive personal and financial data,” Peters said in a statement. “This bipartisan legislation will help ensure every level of government has the necessary tools to protect their networks and respond to cyber attacks.”
The legislation would specifically require DHS’s National Cybersecurity and Communications Integration Center (NCCIC) to coordinate with the state and local governments in several areas. For example, the NCCIC would need to provide assistance when requested in identifying cyber vulnerabilities and appropriate security protections.
Additionally, NCCIC will provide necessary information security tools, policies, procedures, and other materials to smaller governments, and work with them to coordinate effective implementation of those resources.
The following measures were also outlined as ways that the legislation will aid state and local governments:
- Technical and operational assistance, upon request, to utilize technology in the analysis, continuous diagnosis and mitigation, and evaluation of cyber threats and responses
- Assistance to develop policies and procedures consistent with industry best practices and international standards, including cybersecurity frameworks developed by the National Institute of Standards and Technology
- Technical assistance and cybersecurity training, upon request, to state and local personnel and fusion center analysts
- Privacy and civil liberties training as relates to cybersecurity, focusing on consistency with existing privacy laws and DHS policies, minimizing the retention and use of unnecessary information, and prompt removal of the personally identifiable information “unrelated” to a cyber threat.
Senator David Perdue also introduced the bill, explaining that there must be coordination across all levels of government to ensure that the nation can properly combat the increasing amount of cybersecurity threats.
“This is key in to combating the asymmetric threats we face on a daily basis,” said Perdue, who is also a member of the Armed Services Committee. “I’m proud Georgia is on the front lines of training the next generation of cyber warriors and I will continue working with Senator Peters and my colleagues to expand on cybersecurity innovation and improve communication.”
Training is also a key part of the legislation, and must align with the Privacy Act of 1974, the bill states.
“[Training must] reasonably limit, to the greatest extent practicable, the receipt, retention, use, and disclosure of information related to cybersecurity risks and incidents associated with specific persons that is not necessary, for cybersecurity purposes, to protect an information system or network of information systems from cybersecurity risks or to mitigate cybersecurity risks and incidents in a timely manner.”
National Association of Counties Executive Director Matthew Chase said in a statement that the Act was an important step forward and helps ensure that US counties can properly mitigate cybersecurity threats.
“As county governments deploy modern technology to provide services to residents, it’s important that we have access to resources and expertise to address data breaches and cyber-attacks,” Chase stated. “Counties and states are also responsible for managing information that must be safeguarded for privacy and personal protection.”
The bill was previously introduced in the last Congress, but was never put up for a vote. In March 2016, it was read twice and then referred to the Committee on Homeland Security and Governmental Affairs.