Mich. senator explains his cyber bill

Sen. Gary Peters explains State and Local Cyber Protection Act

Over the past decade, county governments across the country have worked hard to increase the number of services provided online, and have also taken steps to increase government transparency by making important records and documents available over the web.  While these actions have brought local government in to the 21st century, they have also exposed counties to the serious risk of cyber threats.

Since the beginning of my tenure as chairman of NACo’s Telecommunications and Technology Steering Committee, our committee members have always highlighted the need for policy makers in Washington to take action to help address cybersecurity at the county level.

As the Department of Homeland Security begins its annual National Cyber Security Awareness Month campaign, I thought it would be a great opportunity to highlight the work of Sens. Gary Peters (D-Mich.) and David Perdue (R-Ga.) who introduced the State and Local Cyber Protection Act of 2016 (S. 2665) in the Senate earlier this year. In a recent interview with County News, Sen. Peters shared important insights about the State and Local Cyber Protection Act.

Q: What would your bill do to support local governments?

A: Our country faces unprecedented risks for cyberattacks and we must take action to combat these threats and protect the sensitive information of Americans.  I introduced the State and Local Cyber Protection Act to help ensure that state and local governments are equipped with the resources and best practices to counter possible cyberattacks.  This bill will allow state and local governments to voluntarily request assistance from the Department of Homeland Security to help identify cybersecurity vulnerabilities, determine protections to improve network security, and provide technical and operational training for their employees to give them additional skills to address cybersecurity incidents.

The bill will also authorize DHS to provide state and local government employees with civil liberties and privacy training to ensure that individuals’ private information remains secure while employees protect against cybersecurity threats.

Q: What brought your attention to the issues of cybersecurity at the state and local level?

A: As a member of the Homeland Security Committee and the Senate Cybersecurity Caucus, I am very aware of the growing threat of cyberattacks to our businesses, military and government. Many local government officials have also brought these concerns to my attention. Phil Bertolini, the chief information officer of Oakland County, Mich., a community I have represented for years in several capacities, has been particularly proactive on cybersecurity issues and has been a great resource as I’ve worked on these issues.

However, this is an issue that concerns all levels of government. Many local governments allow residents to pay fees online, collecting sensitive financial information in the process. Local governments can also acquire personal health information through public health efforts like vaccination campaigns, and may not even be aware they have it. This is the type of information that we know cybercriminals target, and I’m concerned that there is too much variation in the levels of data protection across the country. Cyberattacks look for the weakest link, so we need to encourage best practices at all levels of government. Everyone is a potential target, and victim, of cyberattacks whether they realize it or not.

Q: What are the challenges in getting this legislation passed?

A: Funding is always a challenge. The Department of Homeland Security wants to ensure that it has the funding and staffing necessary to accomplish its mission. While DHS has many critical responsibilities and I’m sensitive to concerns of overburdening the department, I believe that making resources available to state and local governments to improve the cybersecurity of the nation at-large would be a very valuable part of the department’s mission to protect our national security.

In a closing, we asked Sen. Peters what county leaders can do to get involved. He said:

I introduced this bipartisan legislation with my Republican colleague Sen. David Perdue from Georgia. This is an issue that impacts leaders on both sides of the aisle and at all levels of government, and I welcome feedback on this legislation and other ideas for improving cybersecurity.

Most importantly, don’t assume that your networks are not a target. Take steps to secure your information systems and encourage good “cyber-hygiene,” practices such as using strong passwords, recognizing phishing attacks and practicing strong operational security.

In my home state of Michigan, our state government estimates that they are subject to more than 600,000 attempted intrusions into their information systems every day. That is a clear indication that our networks are under siege. As these attacks become increasingly sophisticated, we must ensure that we have the right training and tools to tackle these intrusions at all levels of government.