Earlier this month, bipartisan legislation was introduced in both the U.S. Senate and the U.S. House of Representatives to help state, local and tribal governments more effectively counter cyber-threats.
The State Cyber Resiliency Act would create a cybersecurity grant program, managed by the Department of Homeland Security’s Federal Emergency Management Agency, aimed at supporting states in the development and implementation of cyber-resiliency plans. The bill seeks to support robust planning to mitigate and respond to cyber-attacks by supporting state efforts to identify and detect vulnerabilities and respond to and recover from cyber-breaches.
Notably, the State Cyber Resiliency Act also includes provisions to encourage states in invest in the cybersecurity workforce. In particular, the legislation:
- Encourages states to develop cyber-resiliency plans to fulfill the essential functions of mitigating talent gaps in the state government cybersecurity workforce, enhancing recruitment and retention efforts, and bolstering the knowledge, skills and abilities of state government personnel to protect again cyber-threats and vulnerabilities.
- Allows states to use implementation grant funds to establish programs, such as scholarships or apprenticeships, to provide financial assistance to state residents who pursue formal education, training and industry-recognized certifications for careers in cybersecurity as identified by the National Initiative for Cybersecurity Education and commit to working for state government for a specified period of time (based on Virginia’s successful Cybersecurity Public Service Scholarship Program).
- Gives priority consideration to states that may face low cybersecurity workforce supply and high cybersecurity workforce demand; as identified by the National Institute of Standards and Technology’s CyberSeek Cybersecurity Supply/Demand Heat Map.
In unveiling this legislation, the bill sponsors highlighted a 2015 Ponemon Institute study that found 50 percent of state and local governments faced six to 25 cyber-breaches in the past 24 months. Additionally, in the past year, Russian hackers have breached more than 200,000 personal voter records in Illinois and Arizona. Lawmakers also observed that 80 percent of states lack funding to develop sufficient cybersecurity and most states currently use less than two percent of their IT budget on cybersecurity.
Introduced in the Senate by Cybersecurity Caucus Co-Chairs Cory Gardner, R-Colo., and Mark Warner, D-Va., the legislation has been referred to the Senate Committee on Homeland Security and Governmental Affairs.
The House bill, introduced by House Science, Space, and Technology Subcommittee on Research and Technology Chairman Barbara Comstock, D-Va., and New Democrat Coalition Cybersecurity Task Force Co-Chair Derek Kilmer, D-Wash., will now be considered by the House Committee on Homeland Security and the House Committee on Transportation and Infrastructure.
In the past, the House Science, Space and Technology Committee has considered similar legislation seeking to strengthen the cyber-workforce. An earlier draft bill would authorize the National Science Foundation to create the National Cyber College Grant Program to provide funding to state colleges and universities for the development and teaching of cybersecurity curricula and other cyber-research. It is possible elements of this bill could be added to the State Cyber Resiliency Act as the legislative process moves forward.