Faced with a Godzilla-like rampage of coronavirus (COVID-19)-related cyber attacks, state and local governments are taking another run at Congress to help shore up their cybersecurity defenses with badly needed funding, a new report said.
In a letter to House Speaker Nancy Pelosi (D-SF), Reps. Bennie Thompson, (D-MS), Jim Langevin (D-RI) and Cedric Richmond (D-LA) said direct federal assistance to state and local agencies is needed to keep public services, such as unemployment insurance, operational through the pandemic, and should be included in the next stimulus package.
“State unemployment websites have been overwhelmed by the unprecedented onslaught of new applicants, resulting in hours-long wait times to access online applications and website crashes,” the legislators wrote. Thompson chairs the House Homeland Security Committee and Richmond chairs the subcommittee.
While the $3 trillion HEROES Act includes $1 trillion in funding for state, local, tribal and territorial governments, the bill did not provide funds to keep state and local services protected from hackers. For example, earlier this month, a cyber gang used stolen credentials to heist millions of dollars in unemployment benefits from Washington state, the Associated Press reported.
A month ago, 12 government-related associations, including the National Governors Association, the National League of Cities, and the National Conference of State Legislatures, signed off on a letter to Congressional leadership arguing for a “dedicated cybersecurity program” to better equip state and local governments to handle stark increases in teleworking, spikes in cyber attacks and “enhance partnerships” among various government agencies.
“COVID-19 has required our work forces, educational systems and general way of life to quickly move remotely, exerting greater pressure on cybersecurity and IT professionals and increasing the risk of vulnerabilities and gaps to state and local networks,” the groups wrote. “These gaps are exacerbated by systems requiring modernization that do not foster remote work, which also increases the risks to employees supporting these systems."
The call-to-action was apparently heard by some members of Congress, including Richmond, Thompson and others, The Hill reported. Richmond told The Hill that he is “committed to this effort and am looking for other opportunities and legislative vehicles to get these important resources into the hands of state and local governments.” Networks “lack the capacity to process the increased traffic” brought about by cyber attacks, he said. “It is time to recognize the cybersecurity and IT modernization for state and local governments is essential to the success of our response and recovery efforts.”
Richmond and Thompson are among a group of legislators that have asked for $400 million for state and local cybersecurity in the next stimulus package. "State and local governments have been critical in our fight against COVID-19, providing essential services that help combat the disease and deliver relief to the most vulnerable," Rep. John Katko (R-NY) said, The Hill reported. "At a time of unprecedented need for these services, we need to ensure governments have the necessary resources and guidance to protect against, and recover from cyber-attacks."
Two weeks ago, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the U.K.’s National Cyber Security Centre (NCSC) warned that local governments are among the active targets of advanced persistent threat actors.