New Legislation Tightens CISA Ties with State, Local Governments to Fortify Cybersecurity
President Joe Biden has signed three bipartisan cybersecurity bills aimed at strengthening ties between the Cybersecurity and Infrastructure Security Agency (CISA) and state and local governments.
Government agencies are frequent targets of hackers, many of whom consider them low-hanging fruit because they lack the resources needed to lock down their networks. Indeed, Michigan, the home state of Sen. Gary Peters (D), who authored the measures, is hit by 90 million hacking attempts daily, according to its chief security officer. Taken together, the bills are intended to increase coordination between the federal government and state and local governments, fortify the cyber workforce and secure federal information technology supply chains against cyber threats.
The State and Local Government Cybersecurity Act facilitates coordination between the Department of Homeland Security and state and local governments in several key areas:
- Requires CISA to provide state and local actors with access to improved security tools, policies and procedures.
- Encourages collaboration for the effective implementation of those resources, including joint cybersecurity exercises.
- Builds on previous efforts by the Multi-State Information Sharing and Analysis Center (MS-ISAC) to prevent, protect, and respond to future cybersecurity incidents.
- Ensures that government officials and their staffs have access to the hardware and software products needed to bolster their cybersecurity defenses.
The Federal Rotational Cyber Workforce Program Act creates a civilian personnel rotation program for cybersecurity professionals at federal agencies. The legislation:
- Enables employees to spend time working at different government agencies, allowing them to gain experience beyond their primary assignment and expand their professional networks.
- Provides opportunities to help attract and retain cybersecurity experts in the federal government by offering civilian employees opportunities to enhance their careers, broaden their professional experience, and foster collaborative networks by experiencing and contributing to the cybersecurity mission beyond their home agencies.
And, the Supply Chain Security Training Act:
- Directs the General Services Administration (GSA), in coordination with the Department of Homeland Security (DHS), Department of Defense (DOD) and the Office of Management and Budget (OMB), to create a supply chain security training program for federal officials with supply chain risk management responsibilities.
- Requires OMB to develop guidance for federal agencies on adopting and using the training program and on selecting officials to participate in the training.
“Increasingly complicated cyber-attacks on everything from state and local networks to federal information technology systems show why our nation must have adequate resources and qualified personnel to defend against criminal hackers and foreign adversaries for years to come,” said Peters. “These new laws will bolster cybersecurity at every level of government, and ensure we are prepared to prevent cyber-attacks that continue to disrupt lives and livelihoods, and threaten our national security.”