New legislation will see creation of a cyber tzar for each US state
A US bill aims to establish a cybersecurity coordinator in every state in order to bridge the gap between federal, state, and local security teams.
The Cybersecurity State Coordinator Act of 2020 was recently proposed by US senators due to growing threats from cybercrime gangs, hostile nation states, and advanced persistent threats (APTs).
This has resulted in an “urgent need” for federal support across US states, the bill (PDF) reads.
State and local governments “lack the resources, technical know-how, and situational awareness to secure their systems, or respond in the event of an attack,” Republican Senator Rob Portman noted in a statement on January 17.
He added: “Cybersecurity for state and local governments is just as important as federal cybersecurity.”
The bill proposes that federal organizations commit to supporting and aiding governments, schools, and hospitals across the US in preventing cyber-attacks, and helping to remediate the aftermath of any such security incidents.
This act would also create the role of ‘Cybersecurity Coordinator’ within each state, tasked with advising on the development of secure infrastructure, improving cyber awareness, and exchanging information between federal and non-federal entities.
The proposed position would be appointed by the Department of Homeland Security’s Cybersecurity and Security Agency (CISA), the bill reads.
There are currently a handful of federal laws and dozens of state laws related to cybersecurity, though few aid cooperation between the two.
One example is the State and Local Cybersecurity Improvement Act, introduced in August 2019, which provides state and local officials with access to security tools and procedures from the National Cybersecurity and Communications Integration Center (NCCIC).
However, the Cybersecurity State Coordinator Act of 2020, is said to be the first of its kind to mandate full-time cooperation at all levels of government.
Theresa Payton, former White House CISO and CEO of Fortalice Solutions told The Daily Swig: “DHS’s CISA has a program in place with state assigned resources today, but they need additional reinforcements.
“What’s exciting to me with this proposed bill is that it codifies a great program and elevates the discussion to the highest levels.
“No matter how automated cybersecurity alerts and intelligence becomes, the best way to share actionable intelligence is still person to person.”
It still remains to be seen whether this bill will pass, partly due to questions over available funding.
But Fouad Khalil, vice president of compliance at SecurityScorecard, told The Daily Swig that he is confident that the bill will be enacted, as the “benefits outweigh the cost”.
He said: “I do not see many similarities with this new act and other cyber related legislations or laws.
“I believe this act will pass all hurdles in congress smoothly as the obvious benefits outweigh the cost.
“I strongly believe that a year or two post-enactment, this role’s responsibility will expand and becomes a critical asset to federal and private entities when fighting cybercrime.”