Senators move to boost state and local cybersecurity as part of annual defense bill

A group of Senate Democrats on Monday introduced a measure that would strengthen cybersecurity protections for states vulnerable to malicious cyberattacks as part of the annual National Defense Authorization Act (NDAA). 

The proposed amendment to the Senate version of the 2021 NDAA would fund a cybersecurity coordinator for every state who would be responsible for working with all levels of government to prevent and respond to escalating cyberattacks on schools, hospitals and other groups. 

The amendment was introduced by Sens. Maggie Hassan (D-N.H.), John Cornyn (R-Texas), Gary Peters (D-Mich.), and Rob Portman (R-Ohio) and is based on previous legislation introduced by the senators in January. 

The Senate Armed Services Committee approved the massive annual defense spending bill earlier this month, with the bill also being negotiated in the House Armed Services Committee, which is set to debate and approve its version of the legislation later this week. The Senate will begin debating the overall bill this week. 

The amendment was introduced following a year of mounting cyberattacks on state and local government entities across the nation, including on school districts, libraries and governments in cities such as New Orleans and Baltimore.

The COVID-19 pandemic has only exacerbated the vulnerabilities at the state and local levels to cyberattacks due to budget shortfalls, and hospitals and research groups involved in fighting and studying COVID-19 have also become targets. 

Peters, who serves as the ranking members of the Senate Homeland Security Committee, said in a statement that the amendment would help create “clear lines of communication and an understanding of what federal resources are available” for vulnerable state and local governments. 

“Bad actors will always target the path of least resistance – which is why we must boost cyber-security at all levels of government,” Peters said.

“Cybersecurity for state and local governments is just as important as federal cybersecurity, and frequently, they lack the resources, technical know-how, and situational awareness to secure their systems, or respond in the event of an attack,” Portman said in a separate statement. 

Hassan and Cornyn also introduced a second amendment to the NDAA this week that would increase the ability of the National Guard to assist state and local governments in responding to debilitating cyberattacks.  

“Cyberattacks can cause enormous disruption at any time, but they can be particularly devastating during a public health crisis,” Hassan said Monday. “The federal government needs to do more to strengthen cybersecurity preparedness in communities across the country, and both of these bipartisan amendments would help do so.” 

Cornyn said separately that “the United States faces a barrage of cyber threats every day, and state and local governments have a role to play in keeping our infrastructure secure. Having one point of contact in each state working to coordinate their response to cybersecurity breaches will ensure everyone is on the same page during a crisis.”

The Senate Armed Services Committee’s version of the 2021 NDAA already includes multiple cybersecurity enhancements. Most of them stem from the recommendations of the Cyberspace Solarium Commission, a group established by Congress and made up of members of Congress, the federal government and industry to create a plan to defend the U.S. in cyberspace. 

These recommendations include reviewing the National Guard’s ability to respond to cyberattacks, assessing the potential to establish a national cyber director and assessing cyber vulnerabilities in critical weapons systems.