The U.S. Senate on Thursday unanimously passed a bill creating new grants and other programs designed to help states and localities with their cybersecurity efforts, potentially advancing efforts to make more federal resources available for lower rungs of government that have been struggling to fend off a seemingly open-ended series of ransomware attacks and other threats.
The State and Local Government Cybersecurity Act, introduced by Sens. Gary Peters, D-Mich., and Rob Portman, R-Ohio, allows the National Cybersecurity and Communications Integration Center — the federal government’s hub for sharing information about cyberthreats to the nation’s critical infrastructure — to provide more tools to lower levels of government, authorize the sharing of more classified information with chief information officers and other top state and local officials, and create more training programs for IT workers.
The bill, introduced in May, was endorsed by the National Association of State Chief Information Officers, whose members are increasingly consumed by having to respond to cyberattacks, despite state governments only committing an average of 1 to 2 percent of their IT budgets toward cybersecurity, according to a 2018 NASCIO survey.
“The CIOs and the CISOs don’t have enough manpower to make sure that they are able to deal with every threat that they face. And then you combine that with there being only a few revenue streams federally for states to get cybersecurity funding,” Matt Pincus, NASCIO’s government affairs director, said in July when the group endorsed the bill.
Peters and Portman’s bill also sends more resources to the Center for Internet Security, the nonprofit organization in Upstate New York that operates the Multi-State Information Security and Analysis Center, a clearinghouse for state- and local-government cybersecurity resources and information. CIS also distributes devices known as Albert monitors, which help government IT administrators detect illicit attempts to penetrate the networks they manage. The legislation would fund placement of more sensors throughout state and local government organizations, as well as the hiring of 15 new full-time employees at the National Cybersecurity and Communications Integration Center. The Congressional Budget Office has estimated these components will cost $31 million over five years.
While a press release from Peters and Portman touts their colleagues’ unanimous support for their bill, it still lacks a companion measure in the House.