A new bill in Congress includes language creating a pilot program that would extend the U.S. Cybersecurity and Infrastructure Security Agency’s network monitoring services for federal agencies to state and local governments.
The bill, introduced by Sens. John Cornyn, R-Texas, and Maggie Hassan, D-N.H., proposes a project, over up to three years, in which state, local and tribal governments could enroll in CISA’s Continuous Diagnostics and Mitigation program, which monitors federal agencies’ networks in close to real time and gives officials dashboards showing vulnerabilities to be addressed.
If enacted, the pilot program would include at least five state and local governments, provided those entities already follow one of several recognized cybersecurity frameworks — such as those offered by the Center for Internet Security or National Institute of Standards and Technology — and have the bandwidth to use the diagnostic services and make recommended changes.
The pilot program is tucked into a bill, first reported by the Washington Post, that also seeks to codify the CDM program into federal law. It’s also meant, in part, to “promote the adoption of a zero trust security model in improving cybersecurity readiness at the state, local, tribal, and territorial government level.”
State and local governments that are members of the Center for Internet Security’s federally funded Multi-State Information Sharing and Analysis Center have access to a range of monitoring and vulnerability management services. And some states, including Iowa and North Dakota, have recently opened or expanded security operations centers that offer 24-hour monitoring.
The MS-ISAC also recently received an $11 million boost in a federal spending bill.