A new federal program placing cybersecurity advisers employed by the Department of Homeland Security in every state will help close gaps between federal authorities and state and local entities when it comes to responding to information security threats, one of the lawmakers who sponsored the new program said Thursday.
Appearing during a National Governors Association conference on cybersecurity, Sen. Maggie Hassan, D-N.H., said the federal government has a responsibility to help states and localities respond to threats that hasn’t always gone fulfilled.
“For too long, smaller more vulnerable entities have gone with critical protection,” she said.
Hassan, who sits on the Senate Homeland Security and Government Affairs Committee, was one of the sponsors of a bill directing the Cybersecurity and Infrastructure Security Agency to hire a cybersecurity coordinator for each state, to act as liaisons between CISA and local public and private sectors. Hassan’s bill was later folded into the National Defense Authorization Act, an annual package outlining the federal government’s national security priorities that was enacted New Year’s Day when Congress overrode a veto by then-President Donald Trump.
These coordinators, when installed, are also meant to function as risk advisers and emissaries for the federal government’s catalog of cyber capabilities, including resources aimed at combatting ransomware, fraud and other online threats. The coordinators will also be available to help state and local governments develop or refine cyber-incident response plans.
“We must fundamentally change our approach to cyberthreats, and that starts with supercharging the coordination and collaboration the federal government has with states, as well as the private sector,” Hassan told the NGA audience.
Separately on Thursday, CISA Acting Director Brandon Wales announced the agency is ramping up its promotion of the resources and services it offers to local governments, school districts and the health sector in defending against ransomware.
During the NGA event, Hassan also said the need for greater coordination between different levels of government has been underscored by the suspected Russian hacking operation that breached several federal agencies and at least three states by exploiting software made by the IT contractor SolarWinds.
“While we work to combat large-scale threats at the federal level, we have to strengthen cybersecurity throughout our society,” she said. “If an American city or health care system can’t function because of a cyberattack, then that’s an attack on the security all of us. We must help protect state and local entities. Bad actors continue to target states and communities.”
In addition to the state coordinator bill, Hassan is a proponent of creating an annual grant program funding state and local cybersecurity efforts, which has been endorsed by the National Association of State Chief Information Officers. During a confirmation hearing last week, Alejandro Mayorkas, President Joe Biden’s nominee for DHS secretary told Hassan he would “look forward to considering a grant proposal.”