Senators propose state cyber coordinators
- By Derek B. Johnson
- Jan 21, 2020
A bipartisan group of senators has introduced a bill to improve cybersecurity communication and collaboration between the Department of Homeland Security and the states.
Recognizing that the cybersecurity threats to states has grown, the Cybersecurity State Coordinator Act of 2020 would require the Cybersecurity and Infrastructure Security Agency to designate an employee to serve as the principal federal contact for each state. These coordinators would be responsible for building strategic relationships with state and local governments as well as schools, hospitals, and other entities. They would serve as the principal information security risk advisor, supporting response and remediation efforts to ongoing cyber risks and incidents, facilitating information sharing, assisting with continuity of operations planning, assisting with coordinated vulnerability disclosure and other duties.
The findings section of the bill also mentions congressional concerns about threats from ransomware, advanced persistent threat hacking groups, and the need for greater engagement from the federal government to help build resiliency of other entities. The legislation was in part born out of past conversations with local officials who have expressed a desire for more federal support, according to Maggie Hassan (D-N.H.), one of the sponsors of the bill
"When New Hampshire’s Strafford County and Sunapee School District were hit by ransomware attacks this past year, officials had systems in place to mitigate damage," Hassan said. "But as they made clear to me, the federal government needs to do more to ensure that state and local entities have the resources and training that they need to prevent and respond to cyberattacks."
The CISA director would also be required to brief the House and Senate Homeland Security Committees a year after the bill's passage on the coordinators' effectiveness.
State and local governments have been hammered by ransomware attacks over the past year, forced between having their data wiped and paying a hefty ransom that still doesn’t guarantee the attackers will unlock their computers and systems. CISA has been at the forefront of those warnings and launched a program last year focused on protecting voter registration databases and other election infrastructure from ransomware, according to Reuters.
This article was first posted to FCW, a sibling site to GCN.
Derek B. Johnson is a former senior staff writer at FCW.