Sens. Peters & Perdue Introduce Bill to Enhance Cyber Security Coordination

Washington, D.C. – U.S. Senators Gary Peters (D-MI) and David Perdue (R-GA) today announced they have introduced bipartisan legislation to help state and local governments combat cyber threats by increasing coordination with the Department of Homeland Security (DHS). The State and Local Cyber Protection Act requires DHS’s National Cybersecurity and Communications Integration Center (NCCIC) to provide assistance and training for state, local and tribal governments in preventing, preparing for and responding to cyber threats.

“Our nation is facing an ever-growing threat from increasingly sophisticated cyber attacks, and we are only as strong as our weakest link,” said Senator Peters, a member of the Senate Armed Services and Homeland Security Committees. “State and local governments face unique cybersecurity threats that can endanger critical infrastructure, as well as residents’ sensitive personal and financial data. This bipartisan legislation will help ensure every level of government has the necessary tools to protect their networks and respond to cyber attacks.”

“In the face of ever-evolving attacks from our adversaries, we must strengthen our nation’s cyber defense capabilities which requires coordination across all levels of government,” said Senator David Perdue, a member of the Armed Services Committee. “This is key in to combating the asymmetric threats we face on a daily basis. I’m proud Georgia is on the front lines of training the next generation of cyber warriors and I will continue working with Senator Peters and my colleagues to expand on cyber security innovation and improve communication.”

According to the National Association of State Chief Information Officers (NASCIO), state governments have identified improving cybersecurity as a top information technology priority. However, state and local governments often lack the resources or technical expertise to defend their networks from cyberattacks. Analysis from the Brookings Institute found that state and local governments vary widely in their abilities to budget sufficient resources and field the technical expertise necessary to respond to increasingly sophisticated cyberattacks. The State of Michigan estimates that they detect over 600,000 attempted intrusions to their information systems every day.

“I thank Senator Peters for his continued leadership on this issue and recognizing the key role that local governments play in protecting our citizens from cyber attacks,” said Brooks Patterson, Oakland County Executive. “The State and Local Cyber Protection Act will help ensure there is proper training available to local authorities to recognize and respond to cyber threats.”

“We applaud Senators Gary Peters and David Perdue for introducing the State and Local Cyber Protection Act of 2017,” said National Association of Counties Executive Director Matthew Chase. “As county governments deploy modern technology to provide services to residents, it’s important that we have access to resources and expertise to address data breaches and cyber-attacks. Counties and states are also responsible for managing information that must be safeguarded for privacy and personal protection. The State and Local Cyber Protection Act helps to ensure that our nation’s counties can mitigate the risk of cyber threats.”

The State and Local Cyber Protection Act would require the NCCIC to provide state and local governments with:

• Assistance, upon request, in identifying cyber vulnerabilities and appropriate security protections;
• Tools, policies, procedures, and other materials related to information security, and to work with state and local officials to coordinate effective implementation of these resources;
• Technical and operational assistance, upon request, to utilize technology in the analysis, continuous diagnosis and mitigation, and evaluation of cyber threats and responses;
• Assistance to develop policies and procedures consistent with industry best practices and international standards, including cybersecurity frameworks developed by the National Institute of Standards and Technology;
• Technical assistance and cybersecurity training, upon request, to state and local personnel and fusion center analysts; and
• Privacy and civil liberties training as relates to cybersecurity, focusing on consistency with existing privacy laws and DHS policies, minimizing the retention and use of unnecessary information, and prompt removal of the personally identifiable information “unrelated” to a cyber threat.

A member of the Senate Cybersecurity Caucus, Peters has worked to strengthen both public and private sector cyber capabilities. Last year, Senator Peters and then-Senator David Vitter (R-LA), introduced legislation that was included in the National Defense Authorization Act to help bolster cyber security for small businesses. The bill was signed into law last year and enable the U.S. Small Business Administration’s (SBA) Small Business Development Centers (SBDCs) to work with DHS to assist small businesses in planning for and protecting against cyber security attacks.