The Senate Homeland Security Committee on Wednesday advanced legislation aimed at making it easier for state and local governments to share information and receive intelligence from federal cybersecurity officials, including the Department of Homeland Security’s 24/7 monitoring unit.
The plainly titled State and Local Cybersecurity Act, sponsored by the panel’s chairman, Gary Peters, D-Mich., and Rob Portman, R-Ohio, is aimed at giving states and localities access to DHS’s cyber resources, including security tools, policies and procedures developed by the National Cybersecurity and Communications Integration Center, DHS’s main threat-analysis and information-sharing facility.
Like other bills in a recent flurry of cybersecurity legislation to come through Congress, lawmakers attributed this measure to the uptick in ransomware attacks, including a recent incident in Tulsa, Oklahoma, in which hackers have attempted to extort city leaders by leaking thousands of sensitive files.
“As we’ve seen from the many recent cyberattacks, hackers with malicious intent can and do attack state and local cyber infrastructure consistently,” Portman said in a press release. “Sometimes, state and local governments need some additional help or access to expertise to address these threats.”
According to the bill, the NCCIC could “provide operational and technical cybersecurity training related to cyberthreat indicators, proactive and defensive measures, cybersecurity risks and vulnerabilities,” as well as assistance with incident response, to federal and non-federal entities alike. Much of that relationship with state and local governments, it states, could be facilitated through organizations like the Multi-State Information Sharing and Analysis Center, the DHS-backed operation for state and local cybersecurity run by the nonprofit Center for Internet Security.
The bill would also further formalize federal cyber officials’ relationships with state chief information officers and election officials to “coordinate a nationwide effort to ensure effective implementation of tools, products, resources, policies, guidelines, controls, and procedures related to information security.” That means CIOs and other state and local officials could request tools, controls and other resources if they need assistance.
“As cybercriminals continue targeting the networks of state, local, tribal, and territorial governments, it’s critical the federal government provides them with the tools to fight back, protect sensitive information, and ensure they can continue to serve their residents,” Peters said in the press release.
The bill was also one of several cybersecurity-related measures the Senate committee advanced Wednesday. Meanwhile, the House has undertaken its own share of legislation lately, including one bill aimed at creating an information-sharing operation serving K-12 school districts.
The Senate is also negotiating passage of a $1 trillion infrastructure spending package, including $1 billion for a new cybersecurity grant program supporting state and local governments.