Back to Perspectives
State and Local Cybersecurity Improvement Act Update: Get Started Protecting Sensitive Data and Systems
On May 18, 2021, the House of Representatives passed the State and Local Cybersecurity Improvement Act (SLCIA) to address cybersecurity vulnerabilities and promote additional cybersecurity collaborative efforts between the Department of Homeland Security (DHS) and state, local, tribal, and territorial governments. The bipartisan bill was received in the Senate on July 21, 2021, read twice, and then referred to the Committee on Homeland Security and government affairs, where it has been sitting since. Once it passes, it will go to the President’s desk, where it will then immediately provide incentives to address the increasing danger of malicious cyberattacks on state and local IT infrastructure. Giving state and local governments the resources to protect against hackers The SLCIA updates the Homeland Security Act of 2002 to give the DHS leeway to utilize centers like the Cybersecurity and Infrastructure Security Agency (CISA) and Multi-State Information Sharing and Analysis Center (MS-ISAC). This will allow them to work with state, local, tribal, and territorial governments as needed, upon request. This collaboration will encourage conducting cybersecurity exercises and hosting trainings meant to address current or future cyber risks or incidents. It will also provide operational and technical assistance to state and local governments to implement security resources, tools, and procedures to improve overall protection against attacks. The goal is to provide state and local governments with the support they need to defend themselves from hackers. Resources to bolster government cybersecurity capabilities The SLCIA establishes a $500 million DHS grant program that will empower government institutions to increase their focus on cybersecurity. The bill also:
- Requires CISA to develop a strategy to improve cybersecurity of state, local, tribal, and territorial governments, enabling them to identify federal resources to capitalize on as well as set baseline objectives for their efforts;
- Indicates state, local, tribal, and territorial governments must develop a comprehensive cybersecurity plan to guide their usage of any grant money they receive;
- Establishes a state and local cybersecurity resiliency committee made up of representatives from state, local, tribal, and territorial governments to provide awareness of cybersecurity needs; and
- Enjoins CISA to assess the feasibility of a rotational program for the detail of approved government employees holding cyber positions.
- Maintain responsibility for monitoring, managing, and tracking its information systems, applications, and those user accounts owned and operated by the government;
- Show it has a process of continuously prioritizing the assessment of its cybersecurity vulnerabilities and threat mitigation practices; and
- Have a tangible plan that outlines:
- How to manage and audit network traffic.
- How the government plans to use the information to improve its systems’ resiliency and strength.