Portman, Peters Introduce Bipartisan Bill to Strengthen Cybersecurity Coordination with State and Local Governments

June 18, 2019 | Press Releases

WASHINGTON, DC – U.S. Senators Rob Portman (R-OH) and Gary Peters (D-MI) introduced bipartisan legislation to promote stronger cybersecurity coordination between the Department of Homeland Security (DHS) and state and local governments to safeguard against cyber threats. The State and Local Government Cybersecurity Act will encourage national cybersecurity watchdogs to share information regarding cybersecurity threats, vulnerabilities, breaches and resources to prevent and recover from cyberattacks with states and localities who are increasingly targeted by bad actors.

“Hackers with malicious intent can and do attack state and local cyber infrastructure consistently. Sometimes, state and local governments need some additional help or access to expertise to mitigate these threats,” said Senator Portman. “This bill will strengthen an existing relationship between the Department of Homeland Security and state and local partners to improve coordination and information sharing to help protect our IT infrastructure at all levels of government.”

“State and local governments are responsible for safeguarding everything from election systems to an increasing amount of sensitive personal data – from social security numbers and credit card information to detailed medical records,” said Senator Peters. “Despite being targeted by hackers and bad actors, states and local communities don’t always have access to the resources and expertise needed to protect your information from a breach. This bill will help strengthen coordination between federal cybersecurity professionals and state and local governments to address emerging threats and help keep Americans’ information safe.”

“The Center for Internet Security commends Senators Peters and Portman for introducing the State and Local Government Cybersecurity Act of 2019. This important legislation will help to enhance the cybersecurity infrastructure of U.S. state, local, tribal, and territorial governments, which is consistently reported as their least proficient capability,” said John Gilligan, Center for Internet Security, Inc. (CIS®) CIS President and CEO.  “We also applaud DHS’ continued leadership role in improving our country’s cybersecurity.”

In recent years, several state and local governments have been targeted by high-profile cyberattacks, costing taxpayers millions of dollars and threatening the data privacy of millions of Americans. Hackers have exposed cybersecurity vulnerabilities in the city of Atlanta and at the Colorado Department of Transportation, and more recently seized control over parts of the computer systems for the City of Baltimore. State and local governments are an attractive target because they possess a broad array of information about their citizens but often do not have the tools to adequately safeguard their systems. Financial constraints, limited resources and outdated equipment can all hinder local governments’ efforts to safeguard the personal data they collect.

The Multi-State Information Sharing and Analysis Center (MS-ISAC) is DHS’s round-the-clock cyber threat monitoring and mitigation center for state and local governments, operating in all 50 states and 6 territories to provide cybersecurity resources to the public and private sectors. The National Cybersecurity and Communications Integration Center (NCCIC) is the DHS branch tasked with coordinating various aspects of the federal government’s cybersecurity efforts and with organizing national responses to significant cyber incidents.

The State and Local Government Cybersecurity Act will facilitate coordination between DHS and state and local governments in several key areas. The legislation permits the NICCIC to provide guidance and training, upon request, to state and local governments on combatting cybersecurity threats and safeguarding critical infrastructure. The bill authorizes the NCCIC to provide state and local actors with access to improved security tools, policies and procedures, and encourages collaboration for the effective implementation of those resources, including the ability to conduct joint cyber exercises to test cybersecurity systems. The legislation builds on previous efforts by the MS-ISAC that identified Russian attempts to interfere in American elections systems, and strengthen collaboration to prevent, protect, and respond to future cybersecurity incidents. These changes will support the cybersecurity needs of election officials and their staffs, providing access to hardware and software products that will allow states and localities to bolster their cyber defenses.