Concerned by the lapses in service and increased cyberattacks seen at state and local governments around the country during the coronavirus pandemic, lawmakers in the Cyberspace Solarium Commission announced Thursday they’ll soon introduce a pair of bills that would offer $28 billion in federal aid to modernize and secure the state and local IT systems in most dire need of upgrades.
Called the State and Local IT Modernization and Cybersecurity Act, the legislation would create three new grant programs. One would provide $25 billion for state and local government agencies to improve their digital systems over the next five years. Another $1 billion program would provide funding for urgent expenses precipitated by the pandemic, such as for moving employees into remote-work environments. A third program would provide $2 billion to address cybersecurity upgrades.
“Many state platforms are decades old, making defending them from nation-state adversaries like China or Russia next to impossible,” the announcement reads. “However, even when upgraded, states on the front lines of gray zone conflict in cyberspace need federal support to defend their networks against these high-tier threat actors.”
The commission’s announcement follows a May white paper from the group noting a widespread need to “build capacity to combat opportunistic cybercrime” and to digitize critical services. The group recognized that “prevention is far cheaper and preestablished relationships far more effective than a strategy based solely on detection and response.”
In particular, the commission cited concern in its Thursday announcement with states’ recent struggles to deliver services around unemployment, as decades-old systems were bombarded with far more applications than they were designed to handle. Many state agencies and localities have cited an increased incidence of phishing and other cyberattacks seeking to take advantage of employees no longer working from inside physical government offices. The IT security company Barracuda Networks in March published research showing a 667% increase in phishing attempts had occurred, many of them using promises of information about the pandemic as bait.
“COVID-19 has made it apparent how much legacy IT is affecting state and local governments operationally,” Rep. Jim Langevin, D-R.I., a Solarium commissioner who co-chairs the Congressional Cybersecurity Caucus, said in the announcement. “We need immediate investments to ensure state and local employees can safely work remotely, and we need IT modernization strategies to ensure that essential services, like unemployment insurance, can be provided to Americans in need.”
The legislation arrives after failed attempts by groups like the National Association of State Chief Information Officers — which endorsed the new pair of bills — the National Governors Association and the National Association of Counties to get Congress to provide funding specifically marked for technology and cybersecurity upgrades. After talks stalled this month to provide state and local governments with any additional pandemic relief, the new legislation could console the many administrators currently planning massive program cuts.
County governments alone may face budget shortfalls totaling $202 billion, and more than 71% of counties have reported plans to cancel or delay planned capital investments — like IT and cybersecurity upgrades. Cities and states, too, have reported plans of large cuts as their sales tax and fee revenues plummeted during the pandemic.
In a phone interview, Langevin told StateScoop he recently spoke with House Speaker Nancy Pelosi about potentially adding the legislation to any upcoming pandemic relief package, but that he believes even passing it through a regular appropriations process will be possible given its bipartisan sponsorship and the pandemic’s illuminating effects. The shortcomings of state and local IT systems, he said, are obvious to policymakers today in a way they weren’t in years past.
“We’re hearing from constituents who are either waiting in line or waiting hours on end, if not days on end, trying to get someone on the phone or to be able to file a claim electronically, but can’t do it because systems have crashed,” Langevin said. “Now policymakers and legislators really get it. They understand that we can solve this problem and address it through an IT modernization program, it makes it something that’s more vivid, it makes it real and relevant, and that’s why I think there’s an urgency of now to get this bill done and I have confidence it has the momentum that we need to get it across the finish line.”