National Association of Counties

Blog

State and Local Government Cybersecurity Act signed into law

By Ethan Greer, Seamus Dowdall   Jun. 30, 2022
Tags: Telecommunications & Technology
  • Blog

    State and Local Government Cybersecurity Act signed into law

    On June 21, President Biden signed into law the State and Local Government Cybersecurity Act (S. 2520), a bill that codifies and strengthens the relationship between federal, state and local cybersecurity authorities. The new law directs the U.S. Department of Homeland Security (DHS) to share information and resources with state, local, Tribal and territorial (SLTT) governments to help them prevent and recover from cyberattacks, as counties are becoming targeted more frequently by hackers and other cyber criminals.

    Counties carry a significant burden of responsibility in ensuring residents’ personal information, priceless historical records and critical infrastructure are adequately protected, recoverable, and secured in the event of a breach. Over the past few years local governments have faced hundreds of cyberattacks, with attacks often threatening to expose residents’ sensitive information or shut down critical infrastructure such as 911 call centers and water treatment facilities. S. 2520 will help counties to address cyber vulnerabilities that increase the risk of successful attacks.

    Under the new law, the Cybersecurity and Infrastructure Security Agency (CISA) is directed to increase the coordination of cybersecurity response with SLTT governments. The following CISA responsibilities to support SLTT governments are specifically listed in the bill is:

    • Providing operational and technical assistance to address cyber incidents
    • Increasing situational awareness by sharing cyber threat indicators, defensive measures and cybersecurity risks
    • Providing notifications of specific incidents
    • Creating a platform to share best practices and other cybersecurity standards and policies
    • Working with Chief Information Officers, senior election officials, and others to coordinate effective implementation of tools, policies and guidelines to ensure system resiliency
    • Assisting in developing policies and procedures for coordinating vulnerability disclosures
    • Promoting cybersecurity education and awareness.

    The law also codifies a sustained relationship between CISA and the Multi-State Information Sharing and Analysis Center (MS-ISAC). MS-ISAC is a coalition of governments and organizations created in 2022 that is dedicated to improving cybersecurity for SLTT governments. Membership includes all 56 states and territories, all 50 state capitals, all 79 Fusion Centers, hundreds of local governments and more than 2,500 organizations.

    MS-ISAC maintains a 24/7 watch and warning center as well as a Computer Emergency Response Team that helps members with cyber incident response and provides malware, log, and forensic analysis along with reverse engineering and vulnerability assessments. MS-ISAC analysts work with CISA analysts to improve and support the nation’s cybersecurity posture; improved collaboration between the two will ensure that critical cybersecurity information is shared with SLTT governments quickly and efficiently.

    To learn more about NACo’s technology initiatives and cybersecurity resources, please visit our County Cyber Priorities resource as well as the County Leadership Guide on Cybersecurity. NACo also offers quarterly cyber simulations that are designed to strengthen the county cyber defenses and response during a security incident. More information can be found here.

    On June 21, President Biden signed into law the State and Local Government Cybersecurity Act (S. 2520), a bill that codifies and strengthens the relationship between federal, state, and local cybersecurity authorities.
    2022-06-30
    Blog
    2022-06-30
The State and Local Government Cybersecurity Act codifies the existing relationship between federal, state and local cybersecurity authorities, and directs expanded information sharing Counties set to strengthen intergovernmental relationship on cybersecurity as cyber threat environment continues to evolve

On June 21, President Biden signed into law the State and Local Government Cybersecurity Act (S. 2520), a bill that codifies and strengthens the relationship between federal, state and local cybersecurity authorities. The new law directs the U.S. Department of Homeland Security (DHS) to share information and resources with state, local, Tribal and territorial (SLTT) governments to help them prevent and recover from cyberattacks, as counties are becoming targeted more frequently by hackers and other cyber criminals.

Counties carry a significant burden of responsibility in ensuring residents’ personal information, priceless historical records and critical infrastructure are adequately protected, recoverable, and secured in the event of a breach. Over the past few years local governments have faced hundreds of cyberattacks, with attacks often threatening to expose residents’ sensitive information or shut down critical infrastructure such as 911 call centers and water treatment facilities. S. 2520 will help counties to address cyber vulnerabilities that increase the risk of successful attacks.

Under the new law, the Cybersecurity and Infrastructure Security Agency (CISA) is directed to increase the coordination of cybersecurity response with SLTT governments. The following CISA responsibilities to support SLTT governments are specifically listed in the bill is:

  • Providing operational and technical assistance to address cyber incidents
  • Increasing situational awareness by sharing cyber threat indicators, defensive measures and cybersecurity risks
  • Providing notifications of specific incidents
  • Creating a platform to share best practices and other cybersecurity standards and policies
  • Working with Chief Information Officers, senior election officials, and others to coordinate effective implementation of tools, policies and guidelines to ensure system resiliency
  • Assisting in developing policies and procedures for coordinating vulnerability disclosures
  • Promoting cybersecurity education and awareness.

The law also codifies a sustained relationship between CISA and the Multi-State Information Sharing and Analysis Center (MS-ISAC). MS-ISAC is a coalition of governments and organizations created in 2022 that is dedicated to improving cybersecurity for SLTT governments. Membership includes all 56 states and territories, all 50 state capitals, all 79 Fusion Centers, hundreds of local governments and more than 2,500 organizations.

MS-ISAC maintains a 24/7 watch and warning center as well as a Computer Emergency Response Team that helps members with cyber incident response and provides malware, log, and forensic analysis along with reverse engineering and vulnerability assessments. MS-ISAC analysts work with CISA analysts to improve and support the nation’s cybersecurity posture; improved collaboration between the two will ensure that critical cybersecurity information is shared with SLTT governments quickly and efficiently.

To learn more about NACo’s technology initiatives and cybersecurity resources, please visit our County Cyber Priorities resource as well as the County Leadership Guide on Cybersecurity. NACo also offers quarterly cyber simulations that are designed to strengthen the county cyber defenses and response during a security incident. More information can be found here.

  • Telecommunications & Technology
    Basic page

    County Tech Xchange

    The NACo County Tech Xchange is an online portal designed to connect county CIOs, IT Directors, CISOs, and other county IT leadership. This portal provides valuable resources in a central location which counties can use to improve their overall technology infrastructure.
    page
    County Tech Xchange

    <p>The NACo County Tech Xchange is an online portal designed to connect county CIOs, IT Directors, CISOs, and other county IT leadership.

    Learn More
  • Telecommunications & Technology
    Basic page

    TestIT: How Fast is Your Broadband

    NACo has partnered with the Local Initiatives Support Corporation (LISC) and the Rural Community Assistance Partnership (RCAP) to develop a mobile app designed to identify areas with low or no connectivity to help ensure adequate funding for broadband infrastructure is provided across the country.
    page
    TestIT: How Fast is Your Broadband

    <p>Accurate connectivity data is the foundation for investments in broadband infrastructure.

    Learn More
  • Basic page

    Telecommunications & Technology Steering Committee

    All matters pertaining to telecommunications and technology policy, including, but not limited to, the county role as a telecommunications regulator, service provider, and consumer, cable services technology and implementation, information technology development and implementation, information technology innovation, e-governance, and geo-spatial data collection and utilization.
    page
    Telecommunications & Technology Steering Committee

    <p>All matters pertaining to telecommunications and technology policy, including, but not limited to, the county role as a telecommunications regulator, service provider, and consumer, cable services technology and implementation, info

    Learn More

Contact

  • Seamus Dowdall
    Associate Legislative Director – Telecommunications & Technology  
    (202) 942-4212

Related Posts

Related Resources

More From