State and Local Government Cybersecurity Act signed into law

-
BlogOn June 21, President Biden signed into law the State and Local Government Cybersecurity Act (S. 2520), a bill that codifies and strengthens the relationship between federal, state, and local cybersecurity authorities.State and Local Government Cybersecurity Act signed into law
- The State and Local Government Cybersecurity Act codifies the existing relationship between federal, state and local cybersecurity authorities, and directs expanded information sharing
- Counties set to strengthen intergovernmental relationship on cybersecurity as cyber threat environment continues to evolve
-
Blog
State and Local Government Cybersecurity Act signed into law
On June 21, President Biden signed into law the State and Local Government Cybersecurity Act (S. 2520), a bill that codifies and strengthens the relationship between federal, state and local cybersecurity authorities. The new law directs the U.S. Department of Homeland Security (DHS) to share information and resources with state, local, Tribal and territorial (SLTT) governments to help them prevent and recover from cyberattacks, as counties are becoming targeted more frequently by hackers and other cyber criminals.
Counties carry a significant burden of responsibility in ensuring residents’ personal information, priceless historical records and critical infrastructure are adequately protected, recoverable, and secured in the event of a breach. Over the past few years local governments have faced hundreds of cyberattacks, with attacks often threatening to expose residents’ sensitive information or shut down critical infrastructure such as 911 call centers and water treatment facilities. S. 2520 will help counties to address cyber vulnerabilities that increase the risk of successful attacks.
Under the new law, the Cybersecurity and Infrastructure Security Agency (CISA) is directed to increase the coordination of cybersecurity response with SLTT governments. The following CISA responsibilities to support SLTT governments are specifically listed in the bill is:
- Providing operational and technical assistance to address cyber incidents
- Increasing situational awareness by sharing cyber threat indicators, defensive measures and cybersecurity risks
- Providing notifications of specific incidents
- Creating a platform to share best practices and other cybersecurity standards and policies
- Working with Chief Information Officers, senior election officials, and others to coordinate effective implementation of tools, policies and guidelines to ensure system resiliency
- Assisting in developing policies and procedures for coordinating vulnerability disclosures
- Promoting cybersecurity education and awareness.
The law also codifies a sustained relationship between CISA and the Multi-State Information Sharing and Analysis Center (MS-ISAC). MS-ISAC is a coalition of governments and organizations created in 2022 that is dedicated to improving cybersecurity for SLTT governments. Membership includes all 56 states and territories, all 50 state capitals, all 79 Fusion Centers, hundreds of local governments and more than 2,500 organizations.
MS-ISAC maintains a 24/7 watch and warning center as well as a Computer Emergency Response Team that helps members with cyber incident response and provides malware, log, and forensic analysis along with reverse engineering and vulnerability assessments. MS-ISAC analysts work with CISA analysts to improve and support the nation’s cybersecurity posture; improved collaboration between the two will ensure that critical cybersecurity information is shared with SLTT governments quickly and efficiently.
To learn more about NACo’s technology initiatives and cybersecurity resources, please visit our County Cyber Priorities resource as well as the County Leadership Guide on Cybersecurity. NACo also offers quarterly cyber simulations that are designed to strengthen the county cyber defenses and response during a security incident. More information can be found here.
On June 21, President Biden signed into law the State and Local Government Cybersecurity Act (S. 2520), a bill that codifies and strengthens the relationship between federal, state, and local cybersecurity authorities.2022-06-30Blog2022-10-13
On June 21, President Biden signed into law the State and Local Government Cybersecurity Act (S. 2520), a bill that codifies and strengthens the relationship between federal, state and local cybersecurity authorities. The new law directs the U.S. Department of Homeland Security (DHS) to share information and resources with state, local, Tribal and territorial (SLTT) governments to help them prevent and recover from cyberattacks, as counties are becoming targeted more frequently by hackers and other cyber criminals.
Counties carry a significant burden of responsibility in ensuring residents’ personal information, priceless historical records and critical infrastructure are adequately protected, recoverable, and secured in the event of a breach. Over the past few years local governments have faced hundreds of cyberattacks, with attacks often threatening to expose residents’ sensitive information or shut down critical infrastructure such as 911 call centers and water treatment facilities. S. 2520 will help counties to address cyber vulnerabilities that increase the risk of successful attacks.
Under the new law, the Cybersecurity and Infrastructure Security Agency (CISA) is directed to increase the coordination of cybersecurity response with SLTT governments. The following CISA responsibilities to support SLTT governments are specifically listed in the bill is:
- Providing operational and technical assistance to address cyber incidents
- Increasing situational awareness by sharing cyber threat indicators, defensive measures and cybersecurity risks
- Providing notifications of specific incidents
- Creating a platform to share best practices and other cybersecurity standards and policies
- Working with Chief Information Officers, senior election officials, and others to coordinate effective implementation of tools, policies and guidelines to ensure system resiliency
- Assisting in developing policies and procedures for coordinating vulnerability disclosures
- Promoting cybersecurity education and awareness.
The law also codifies a sustained relationship between CISA and the Multi-State Information Sharing and Analysis Center (MS-ISAC). MS-ISAC is a coalition of governments and organizations created in 2022 that is dedicated to improving cybersecurity for SLTT governments. Membership includes all 56 states and territories, all 50 state capitals, all 79 Fusion Centers, hundreds of local governments and more than 2,500 organizations.
MS-ISAC maintains a 24/7 watch and warning center as well as a Computer Emergency Response Team that helps members with cyber incident response and provides malware, log, and forensic analysis along with reverse engineering and vulnerability assessments. MS-ISAC analysts work with CISA analysts to improve and support the nation’s cybersecurity posture; improved collaboration between the two will ensure that critical cybersecurity information is shared with SLTT governments quickly and efficiently.
To learn more about NACo’s technology initiatives and cybersecurity resources, please visit our County Cyber Priorities resource as well as the County Leadership Guide on Cybersecurity. NACo also offers quarterly cyber simulations that are designed to strengthen the county cyber defenses and response during a security incident. More information can be found here.

-
Reports & Toolkits
NACo Technology Guide for County Leaders: Workforce
The NACo County Technology Advisory Council, with input from the Tech Xchange and the NACo Workforce Advisory Board, has developed a guide on workforce retention and recruitment for technology workers. This guide provides an overview, along with benefits and questions to consider in the technology recruitment and retention process -
Policy Brief
Support the Deployment of Next Generation 911 Bill
Urge your Members of Congress to support legislation to provide funding for the deployment of Next Generation 9-1-1 and for other purposes. Introduced by Sen. Amy Klobuchar (D-Minn.) in the previous Congress, the legislation would provide for the establishment of Next Generation 9-1-1 and would vastly improve interoperability with regards to all emergency communication systems. The bill would also establish a Next Generation 9-1-1 cybersecurity center to coordinate with state, local and regional governments to detect and prevent cybersecurity intrusions related to Next Generation 9-1-1. -
Policy Brief
Support the Protecting Community Television Act
Urge your members of Congress to support the Support the Protecting Community Television Act. Introduced by Sens. Ed Markey (D-Mass.) and Tammy Baldwin (D-Wisc.) and Reps. Anna Eshoo (D-Calif.) and Peter DeFazio (D-Ore.) in the previous Congress, the legislation would amend the Communications Act of 1934 to reverse the Federal Communication Commission’s (FCC) 2019 order requiring that cable-related, in-kind contributions be subjected to the statutory five percent franchise fee cap. -
County News
TikTok: It’s hip, it’s fun and it’s a security risk
What threat does TikTok pose to data security, and how should counties regulate its use on government-issued devices? -
Webinar
OnBase as the Enabler to Integrate All Lines of Business
Jan. 12, 2023 , 2:00 pm – 3:00 pmSee how Horry County has successfully integrated multiple lines of business using OnBase as the foundation. From sharing documents across different lines of business, to automating workflows between departments and using RPA as a tool to increase efficiencies. -
Webinar
Exploring Digital Transformation as a Key Driver to Modernizing Voting Infrastructure – The Los Angeles County Experience
Jan. 4, 2023 , 2:00 pm – 3:00 pmDigital transformation represents a wealth of potential for governments to change how they create value for society and modernize for the future. Taking a project from ideation to reality requires not only leadership and vision, but dedication and resources.
-
Webinar
Executive Perspectives on Preparing for an ERP Replacement Project
February 22, 2023 , 3:00 pm – 4:00 pmReplacing your finance and human capital management systems can be stressful for public sector organizations.02223:00 pm<p>Replacing your finance and human capital management systems can be stressful for public sector organizations.
-
Webinar
NACo Cyberattack Simulation: Election Disruptions
February 27, 2023 – March 3, 2023Presented by the NACo County Tech Xchange and Professional Development Academy02271:00 pm<p><em>Presented by the NACo County Tech Xchange and Professional Development Academy</em></p>
-
Webinar
NACo Cyberattack Simulation: Internet of Things
June 12, 2023 – June 16, 2023Presented by the NACo County Tech Xchange and Professional Development Academy06121:00 pm<p><em>Presented by the NACo County Tech Xchange and Professional Development Academy</em></p>
-
Webinar
NACo Cyberattack Simulation: Ransomware
September 11, 2023 – September 15, 2023Presented by the NACo County Tech Xchange and Professional Development Academy09111:00 pm<p><em>Presented by the NACo County Tech Xchange and Professional Development Academy</em></p>
-
Webinar
NACo Cyberattack Simulation: Employee Management
December 4, 2023 – December 8, 2023Presented by the NACo County Tech Xchange and Professional Development Academy12041:00 pm<p><em>Presented by the NACo County Tech Xchange and Professional Development Academy</em></p>
-
Basic page
County Tech Xchange
The NACo County Tech Xchange is an online portal designed to connect county CIOs, IT Directors, CISOs, and other county IT leadership. This portal provides valuable resources in a central location that counties can use to improve their overall technology infrastructure.pagepagepage<table border="1" cellpadding="1" cellspacing="1" style="width:100%" summary="call-out transparent">
<tbody>
<tr> -
Basic page
TestIT: How Fast is Your Broadband
NACo has partnered with the Local Initiatives Support Corporation (LISC) and the Rural Community Assistance Partnership (RCAP) to develop a mobile app designed to identify areas with low or no connectivity to help ensure adequate funding for broadband infrastructure is provided across the country.pagepagepage<table border="1" cellpadding="1" cellspacing="1" style="width:100%" summary="call-out">
<tbody>
<tr>
<td> -
Basic page
Telecommunications & Technology Steering Committee
All matters pertaining to telecommunications and technology policy, including, but not limited to, the county role as a telecommunications regulator, service provider, and consumer, cable services technology and implementation, information technology development and implementation, information technology innovation, e-governance, and geo-spatial data collection and utilization.pagepagepage<p>All matters pertaining to telecommunications and technology policy, including, but not limited to, the county role as a telecommunications regulator, service provider, and consumer, cable services technology and implementation, info
-
Reports & Toolkits
Implementing Infrastructure Investments at the County Level: The Bipartisan Infrastructure Law (P.L. 117-58)
As intergovernmental partners, counties play a key role in ensuring the successful interpretation and implementation of the BILReports & Toolkitsdocument100710:00 amReports & Toolkits<table border="1" cellpadding="1" cellspacing="1" style="width:100%" summary="call-out transparent jump">
<tbody>
<tr>
<td>
Contact
-
Associate Legislative Director – Telecommunications & Technology(202) 942-4212
Related Posts
-
County NewsTikTok: It’s hip, it’s fun and it’s a security riskJan. 24, 2023
-
BlogData sharing paramount in modern county operationsDec. 16, 2022
-
BlogHow municipalities can better manage snow eventsNov. 29, 2022
Related Resources
-
Reports & ToolkitsNACo Technology Guide for County Leaders: WorkforceFeb. 2, 2023
-
Policy BriefSupport the Deployment of Next Generation 911 BillJan. 31, 2023
-
Policy BriefSupport the Protecting Community Television ActJan. 31, 2023
Related Events
-
22Feb2023Webinar
Executive Perspectives on Preparing for an ERP Replacement Project
Feb. 22, 2023 , 3:00 pm – 4:00 pm -
27Feb2023
-
12Jun2023
-
11Sep2023
More From
-
Implementing Infrastructure Investments at the County Level: The Bipartisan Infrastructure Law (P.L. 117-58)
As intergovernmental partners, counties play a key role in ensuring the successful interpretation and implementation of the BIL
Learn More