New Federal Legislation Seeks To Appoint A Cybersecurity Coordinator For Each State

Wednesday, January 22, 2020

A new bi-partisan bill titled the “Cybersecurity State Coordinator Act of 2020” was recently introduced by Senator Maggie Hassan (D-NH) and co-sponsored by Sen. Gary Peters (D-MI), Senator John Cornyn (R-TX), and Senator Rob Portman (R-OH). 

Under the proposed bill, the Director of the Cybersecurity and Infrastructure Security Agency (currently Christopher Krebs) would have the authority to appoint a “Cybersecurity State Coordinator” for each of the 50 states.  Under the bill, the State Coordinator would have a multifaceted set of responsibilities that include training, advisory work, and program development.  For instance, a few of the State Coordinator’s duties would include:

  • Coordinating between Federal and non-Federal entities to support preparation, response, and remediation efforts relating to cybersecurity risks and incidents.
  • Supporting training, exercises, and planning for continuity of operations to expedite recovery from cybersecurity incidents, which may include ransomware.
  • Facilitating the sharing of cyber threat information between the Federal government and non-Federal entities.
  • Raising awareness of the financial, technical, and operational resources available from the Federal government to non-Federal entities to help increase resilience against cyber threats.

According to Senator Peters, the bill would “help bolster state and local governments’ cybersecurity by facilitating their relationship with the federal government to ensure they know what preventative resources are available to them as well as who to turn to if an attack occurs.” 

This bill comes at a time when cyber-attacks are increasing and becoming far more devastating for local governments, schools, and hospitals.  In 2019 alone, more than 70 state and local governmental agencies in the U.S. suffered some form of ransomware attack and it is predicted that these attacks will only continue to grow and become more pervasive.  For instance, Atlanta spent $2.6 million last year to restore its systems after a ransomware attack. Had there been a coordinated preparation, response, and support system – as proposed by the current bill – this attack might have been preventable or the damage from the attack might have been mitigated.  

Conclusion

The proposed bill comes at a time when a greater coordination is needed between all the various entities affected daily by cyber-attacks.  If enacted, the State Coordinator might help ensure that local governments, hospitals, business and universities are not only more knowledgeable prior to an attack, but also more prepared to respond when they are subjected to an attack.