The State and Local Government Cybersecurity Act improves collaboration between DHS and state and local governments by boosting the sharing of information and federal resources.
President Joe Biden signed a bill to increase cybersecurity coordination between the Department of Homeland Security and state, local, tribal and territorial governments.
State and local governments increasingly find themselves victims of cyberattacks, often because they do not have the expertise or resources to defend against sophisticated and persistent attackers.
The State and Local Government Cybersecurity Act improves collaboration between DHS and state and local governments in several key areas. The new law calls for the National Cybersecurity and Communications Integration Center (NCCIC) -- DHS’s 24/7 cyber situational awareness, incident response and management center -- to provide operational and technical cybersecurity training for state and local agencies related to threat indicators, defensive measures and incident response and management.
The bill sets up two-way information sharing. NCCIC is directed to help state and local agencies share threat indicators and information about cybersecurity risks and incidents with federal agencies and other SLTT organizations. For its part, NCCIC must notify state and local agencies about specific incident and malware that may affect them or their residents.
Through an easily accessible platform, NCCIC will update state and local agencies and provide information on tools, products, policies, standards, best practices as well as resources produced by federal agencies.
By working with national associations and senior state and local officials, including chief information officers and senior election officials, NCCIC will ensure the state and local agencies effectively implement technology solutions and the policies, controls and procedures to secure IT systems, including those used during elections.
NCCIC is also charged with helping state and local entities develop and coordinate vulnerability disclosure policies and promote cybersecurity education and awareness.
Within a year, the DHS secretary must report on the services provided to SLTT entities, according to the bill.
“Cybercriminals continue attacking state, local, tribal, and territorial government networks. The federal government needs to step in and take action to help these local communities – which often lack the resources to defend themselves – to quickly identify threats and seal up vulnerabilities in their information technology systems,” Sen. Gary Peters (D-Mich.), one of the authors of the bill, said in a statement after the Senate’s passage. “This bipartisan legislation will help local governments provide critical services to residents even in the event of a cyberattack.”