The National Governors Association this week urged federal lawmakers to act soon on passing legislation that would offer assistance to state and local governments for cybersecurity efforts. In a statement Tuesday, the group said it “commends” Congress for “taking a critical step forward” in helping states and municipalities defend their IT infrastructure from malicious actors, but added that members should go a bit further and actually pass a bill that would create a dedicated grant program.
“The rise of cyber incidents, intrusions and disruptions highlights the urgent need to establish a comprehensive approach to protect critical infrastructure at all levels of government,” the statement reads.
NGA’s statement mentioned specifically three bills currently under consideration, including S.1846, the State and Local Government Cybersecurity Act, which passed the Senate unanimously last year. It also listed H.R. 5823, the State and Local Cybersecurity Improvement Act, which would create a $400 million annual cybersecurity grant program administered by the Federal Emergency Management Agency with the guidance of the Cybersecurity and Infrastructure Security Agency and a 15-member advisory board made up of governors, state chief information officers and other state and local officials. (That bill was recently marked up by the House Homeland Security Committee.)
The third bill mentioned by the NGA is the State Cyber Resiliency Act, which also outlines a grant program, but has not advanced since it was introduced in the Senate last year.
The National Association of State Chief Information Officers has also made passing a cybersecurity assistance bill one of its top federal priorities this year. The group has already endorsed S.1846 and H.R. 5823, as well as the DOTGOV Online Trust in Government Act, which would help more state and local governments migrate their websites and email systems to the federally administered .gov top-level domain, which is widely considered more secure and trustworthy than the .com and .org sites many small, cash-strapped governments use.
According to NASCIO’s most recent survey of state chief information security officers, published in October 2018, state governments on average only commit 1 to 2 percent of their overall technology budgets toward cybersecurity, while security accounts for between 5 and 15 percent of IT spending at many federal agencies.
“Governors have continually called on Congress to provide additional resources to states to help strengthen their cybersecurity posture,” the NGA’s statement reads. “This year, there are several pieces of legislation before the Congress that would lay the groundwork for increased funding and resources to help states develop and implement innovative cybersecurity practices, help to build resources and human capital, better detect and analyze cyber threats, as well as help to enhance partnerships among different levels of government.”