Proposed bill seeks to help non-federal entities improve cyber-security

To that end, members of Congress proposed a bipartisan bill on Jan. 17, the “Cybersecurity State Coordinator Act of 2020,” to facilitate stronger coordination among federal and non-federal entities in combating cyber-criminals. A primary goal of the bill is to facilitate greater engagement from the federal government to help non-federal entities build up their defenses.

The need to bolster cyber-security has been on the radar for months, not just among government leaders but compliance officers, too. In November, over a third of 128 compliance practitioners surveyed by Compliance Week indicated they are considering upgrading or implementing a cyber-security solution, more than any other type of compliance-related software. At the time, the number of reported breaches in 2019 was up by 54 percent compared to 2018, according to a 2019 mid-year report by Risk Based Security.

U.S. Senator Maggie Hassan (D-N.H.), who led the charge in introducing the bill, highlighted two government-related incidents in her state as grounds for her advocacy of stronger cyber-security across all levels of government.

“Cyberattacks can be devastating for communities across our country, from ransomware attacks that can block access to school or medical records to cyberattacks that can shut down electrical grids or banking services,” said Hassan in a news release. “The bipartisan bill I introduced would take a big step forward in improving communication between the federal government, states, and localities, as well as strengthening cyber-security preparedness in communities across the country.”

While Hassan—and the bill—repeatedly cite ransomware as particularly alarming, business leaders in the private sector highlight other kinds of cyber-attacks as big issues facing organizations, like phishing and supply-chain breaches, according to Mission Multiplier’s Jamie Miller.

If signed into law, the Department of Homeland Security would appoint 50 employees of the Cybersecurity and Infrastructure Security Agency to this new role, one for each state. Those employees would have one year from the date of enactment of the Act to demonstrate efficacy in their responsibilities.

Each cyber-security state coordinator would serve as a federal cyber-security risk advisor, principle point of contact, and strategic facilitator between federal and non-federal entities. The latter category includes state and local governments as well as schools, hospitals, and other organizations.

The cyber-security state coordinators would:

• Assist organizations in establishing governance structures to facilitate developing and maintaining robust cyber-security infrastructure;
• Strengthen lines of communication between federal and non-federal organizations to promote the sharing of cyber-threat information;
• Raise non-federal entities’ awareness of the financial, technical, and operational resources at their disposal through the federal government; and
• Support training, exercises, and remediation efforts relating to cyber-security risks and incidents.

Along with Hassan, Sens. John Cornyn (R-Texas), Rob Portman (R-Ohio), and Gary Peters (D-Mich.) have lent their names to the proposed bill.