Skip to content

Peters, Perdue Introduce Legislation to Enhance Cybersecurity Coordination

WASHINGTON, DC - U.S. Senators Gary Peters (D-MI) and David Perdue (R-GA) today announced they are introducing bipartisan legislation to promote better coordination of cybersecurity efforts between Department of Homeland Security (DHS) and state and local governments.  The State and Local Cyber Protection Act will enhance ongoing collaboration efforts between the DHS’s National Cybersecurity and Communications Integration Center (NCCIC), which shares information regarding cybersecurity vulnerabilities, incidents, and mitigations with public and private sector partners, including state, local, and tribal governments.

“America faces unprecedented risks to our cyber infrastructure, and we must act to both combat these threats and protect the sensitive information of American citizens,” said Senator Peters, a member of the Senate Homeland Security Committee. “I’m pleased to introduce this bipartisan legislation that will help ensure all levels of government are equipped with the best practices and resources to counter cyber threats.”

“Cyberwarfare is the new frontier for foreign governments and hackers to threaten our national security,” said Senator Perdue, a member of the Senate Foreign Relations Committee. “Anonymous attacks have already stolen Americans’ personal information and sensitive data from businesses and agencies. As our adversaries change their tactics, more coordination between state and federal governments is critical to combat potential vulnerabilities and future attacks.”

Despite improvements in cybersecurity at the state and local level, an analysis from the Brookings Institute found that state and local governments vary widely in their abilities to budget sufficient resources and field the technical expertise necessary to respond to increasingly sophisticated cyberattacks. The State of Michigan estimates that they detect over 600,000 attempted intrusions to their information systems every day.

“I thank Senator Peters for his leadership on this issue and recognizing the key role that local governments play in protecting our citizens from cyber attacks,” said Brooks Patterson, Oakland County Executive. “The Senate's consideration of the State and Local Cyber Protection Act will enable this critical piece of legislation to take the next step toward becoming law.” 

“We applaud the introduction of the State and Local Cyber Protection Act by Senators Peters and Perdue. In partnership with states, counties are often responsible for managing critical information that needs to be safeguarded for privacy and personal protection. Counties work to ensure the security of information that travels through our nation's cyber systems,” said Matthew Chase, executive director of the National Association of Counties. “The State and Local Cyber Protection Act would increase access to resources to help protect critical information from criminal hacking.  We look forward to continuing to work with Congress on legislation that provides counties with the tools necessary to mitigate the risk of cyber-attacks.”

The State and Local Cyber Protection Act would require the NCCIC to provide state and local governments with:

  • Assistance, upon request, in identifying cyber vulnerabilities and appropriate security protections;
  • Tools, policies, procedures, and other materials related to information security, and to work with state and local officials to coordinate effective implementation of these resources;
  • Technical and operational assistance, upon request, to utilize technology in the analysis, continuous diagnosis and mitigation, and evaluation of cyber threats and responses;
  • Assistance to develop policies and procedures consistent with industry best practices and international standards, including cybersecurity frameworks developed by the National Institute of Standards and Technology;
  • Technical assistance and cybersecurity training, upon request, to state and local personnel and fusion center analysts; and
  • Privacy and civil liberties training as relates to cybersecurity, focusing on consistency with existing privacy laws and DHS policies, minimizing the retention and use of unnecessary information, and prompt removal of the personally identifiable information “unrelated” to a cyber threat.