State and Local Government Cybersecurity Act of 2021

Floor Speech

Date: May 16, 2022
Location: Washington, DC

BREAK IN TRANSCRIPT

Mr. MALINOWSKI. Mr. Speaker, I move to suspend the rules and pass the bill (S. 2520) to amend the Homeland Security Act of 2002 to provide for engagements with State, local, Tribal, and territorial governments, and for other purposes.

The Clerk read the title of the bill.

The text of the bill is as follows:

S. 2520

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

This Act may be cited as the ``State and Local Government Cybersecurity Act of 2021''.

SEC. 2. AMENDMENTS TO THE HOMELAND SECURITY ACT OF 2002.

Subtitle A of title XXII of the Homeland Security Act of 2002 (6 U.S.C. 651 et seq.) is amended--

(1) in section 2201 (6 U.S.C. 651), by adding at the end the following:

``(7) SLTT entity.--The term `SLTT entity' means a domestic government entity that is a State government, local government, Tribal government, territorial government, or any subdivision thereof.''; and

(2) in section 2209 (6 U.S.C. 659)--

(A) in subsection (c)(6), by inserting ``operational and'' before ``timely'';

(B) in subsection (d)(1)(E), by inserting ``, including an entity that collaborates with election officials,'' after ``governments''; and

(C) by adding at the end the following:

``(p) Coordination on Cybersecurity for SLTT Entities.--

``(1) Coordination.--The Center shall, upon request and to the extent practicable, and in coordination as appropriate with Federal and non-Federal entities, such as the Multi-State Information Sharing and Analysis Center--

``(A) conduct exercises with SLTT entities;

``(B) provide operational and technical cybersecurity training to SLTT entities to address cybersecurity risks or incidents, with or without reimbursement, related to--

``(i) cyber threat indicators;

``(ii) defensive measures;

``(iii) cybersecurity risks;

``(iv) vulnerabilities; and

``(v) incident response and management;

``(C) in order to increase situational awareness and help prevent incidents, assist SLTT entities in sharing, in real time, with the Federal Government as well as among SLTT entities, actionable--

``(i) cyber threat indicators;

``(ii) defensive measures;

``(iii) information about cybersecurity risks; and

``(iv) information about incidents;

``(D) provide SLTT entities notifications containing specific incident and malware information that may affect them or their residents;

``(E) provide to, and periodically update, SLTT entities via an easily accessible platform and other means--

``(i) information about tools;

``(ii) information about products;

``(iii) resources;

``(iv) policies;

``(v) guidelines;

``(vi) controls; and

``(vii) other cybersecurity standards and best practices and procedures related to information security, including, as appropriate, information produced by other Federal agencies;

``(F) work with senior SLTT entity officials, including chief information officers and senior election officials and through national associations, to coordinate the effective implementation by SLTT entities of tools, products, resources, policies, guidelines, controls, and procedures related to information security to secure the information systems, including election systems, of SLTT entities;

``(G) provide operational and technical assistance to SLTT entities to implement tools, products, resources, policies, guidelines, controls, and procedures on information security;

``(H) assist SLTT entities in developing policies and procedures for coordinating vulnerability disclosures consistent with international and national standards in the information technology industry; and

``(I) promote cybersecurity education and awareness through engagements with Federal agencies and non-Federal entities.

``(q) Report.--Not later than 1 year after the date of enactment of this subsection, and every 2 years thereafter, the Secretary shall submit to the Committee on Homeland Security and Governmental Affairs of the Senate and the Committee on Homeland Security of the House of Representatives a report on the services and capabilities that the Agency directly and indirectly provides to SLTT entities.''.

Mr. Speaker, in recent months the world has watched in horror as Russia launched its unprovoked and illegal invasion of Ukraine. Russia's actions have, once again, reminded us of the potential for cyberattacks on critical infrastructure here in the United States.

With State and local governments operating large amounts of critical infrastructure, including essential public services like schools, emergency response agencies, and water utilities, it is essential that State and local governments have strong cybersecurity practices.

In March, in response to the current threat landscape, President Biden sent a letter to the Nation's Governors urging them to take actions to enhance their cyber defenses. The Federal Government must continue to expand our partnerships with States as they carry out this important national security work.

Congress has already taken some critical steps in this effort this Congress, thanks to the leadership of my colleagues on the Homeland Security Committee. Last year, the House passed Congresswoman Yvette Clarke's State and Local Cybersecurity Improvement Act which created a new grant program to assist State, local, Tribal, and territorial Governments with strengthening their cybersecurity. This legislation was signed by President Biden in the fall as part of the bipartisan infrastructure law and will provide $1 billion in much-needed help over the next 4 years.

Additionally, last year, Congress passed the K-12 Cybersecurity Act introduced by Senator Peters and Congressman Langevin. That bill directs the Cybersecurity and Infrastructure Security Agency to study the cyber risks posed to K-12 educational institutions and provide them with additional resources to better defend themselves.

Right now, I am proud to be working on a bipartisan basis with Senators Peters and Cornyn, and my Homeland Security Committee colleague Representative Garbarino, on the Satellite Cybersecurity Act, urgently needed legislation to better protect critical infrastructure used at the municipal, State, and Federal level that relies on commercial satellite data to work properly.

Passing S. 2520 will build on these efforts by further strengthening the relationship between DHS and State and local Governments as they work to defend our country against cyberattacks. More specifically, it would permit DHS to provide State and local Governments with access to cybersecurity resources and encourage collaboration in using these resources, including joint cybersecurity exercises.

Additionally, the bill will strengthen the relationship between DHS and the Multi-State Information Sharing and Analysis Center to help State and local governments receive the most updated information regarding potential threats and gain access to greater technical assistance.

Mr. Speaker, we rely on State and local governments for some of our most basic and necessary public services. We have seen many communities across the country experience disruptions in those vital services due to ransomware attacks originating from Russia.

In this current threat environment, with a heightened risk of even more dangerous cyberattacks, S. 2520 would enhance DHS's collaboration with State and local governments in addressing this pressing national security threat.

By passing this bill and sending it to the President, we will continue our ongoing efforts to expand critical Federal cybersecurity assistance to State and local governments.

Mr. Speaker, I urge my colleagues to support S. 2520, and I yield back the balance of my time.

BREAK IN TRANSCRIPT

