The Senate unanimously passed a bill Nov. 21 directing the Department of Homeland Security to assist state and local governments with cybersecurity.
The bill, called the State and Local Government Cybersecurity Act, would improve better cybersecurity coordination between states and DHS through the department’s National Cybersecurity and Communications Integration Center (NCCIC). The bill would allow the NCCIC to provide state and local officials with access to security tools and procedures, as well as participation in joint cybersecurity exercises.
“Every day our state and local government networks experience millions of intrusion attempts by those looking to do harm,” said Chris DeRusha, chief security officer for the state of Michigan, in a statement. “This bill will help the state of Michigan access resources, tools and expertise developed by federal government and national cybersecurity experts, which will enhance the security of the information Michiganders have entrusted us to keep safe.”
The bill was introduced by Sens. Gary Peters, D-Mich, and Rob Portman, R-Ohio. Peters is the ranking member on the Senate Homeland Security Committee.
Across the country, state and local governments have been prime targets for ransomware attacks, in which a hacker encrypts data and offers to unlock it for a key. Just last week, Louisiana announced that some of its state databases had been attacked, though they lost no data. Other states haven’t been as lucky. Colorado’s transportation department was recently hit. The city of Baltimore is expected to pay more than $18 million rebuilding its systems after a ransomware attack earlier this year. Ransomware attacks have also closed schools and hospitals.
States’ IT staff are also under-resourced, a tough problem when paired with the well-known cybersecurity workforce shortage.
“State and local governments with limited resources and cybersecurity expertise can struggle to secure their systems against malicious hackers that could expose their constituents’ personal data,” said Peters. “I’m pleased the Senate passed my bipartisan bill that will help ensure all levels of government can bolster their defenses and protect themselves from sophisticated cyberattacks.”
The legislation would also “build on” previous work by the Multi-State Information Sharing and Analysis Center in preventing and responding to cyberattacks, the news release said.
“In Macomb County, we have been working diligently with our academic partners to train the next generation cybersecurity professional to stay ahead of vulnerabilities and cyber breaches," said Mark A. Hackel, Macomb County (Mich.) Executive. “This next step in collaboration will ensure that knowledge-sharing occurs at all levels of government and is key to our defense against attacks.”
Information sharing was a sore point between DHS and states during the 2016 election. Federal and state officials want to improve in this area heading into next year’s election.
According to Congress.gov, which tracks congressional legislation, there is no companion bill in the House.
Andrew Eversden covers all things defense technology for C4ISRNET. He previously reported on federal IT and cybersecurity for Federal Times and Fifth Domain, and worked as a congressional reporting fellow for the Texas Tribune. He was also a Washington intern for the Durango Herald. Andrew is a graduate of American University.