State and Local Government Cybersecurity Act signed into law

-
BlogOn June 21, President Biden signed into law the State and Local Government Cybersecurity Act (S. 2520), a bill that codifies and strengthens the relationship between federal, state, and local cybersecurity authorities.State and Local Government Cybersecurity Act signed into law
- The State and Local Government Cybersecurity Act codifies the existing relationship between federal, state and local cybersecurity authorities, and directs expanded information sharing
- Counties set to strengthen intergovernmental relationship on cybersecurity as cyber threat environment continues to evolve
-
Blog
State and Local Government Cybersecurity Act signed into law
On June 21, President Biden signed into law the State and Local Government Cybersecurity Act (S. 2520), a bill that codifies and strengthens the relationship between federal, state and local cybersecurity authorities. The new law directs the U.S. Department of Homeland Security (DHS) to share information and resources with state, local, Tribal and territorial (SLTT) governments to help them prevent and recover from cyberattacks, as counties are becoming targeted more frequently by hackers and other cyber criminals.
Counties carry a significant burden of responsibility in ensuring residents’ personal information, priceless historical records and critical infrastructure are adequately protected, recoverable, and secured in the event of a breach. Over the past few years local governments have faced hundreds of cyberattacks, with attacks often threatening to expose residents’ sensitive information or shut down critical infrastructure such as 911 call centers and water treatment facilities. S. 2520 will help counties to address cyber vulnerabilities that increase the risk of successful attacks.
Under the new law, the Cybersecurity and Infrastructure Security Agency (CISA) is directed to increase the coordination of cybersecurity response with SLTT governments. The following CISA responsibilities to support SLTT governments are specifically listed in the bill is:
- Providing operational and technical assistance to address cyber incidents
- Increasing situational awareness by sharing cyber threat indicators, defensive measures and cybersecurity risks
- Providing notifications of specific incidents
- Creating a platform to share best practices and other cybersecurity standards and policies
- Working with Chief Information Officers, senior election officials, and others to coordinate effective implementation of tools, policies and guidelines to ensure system resiliency
- Assisting in developing policies and procedures for coordinating vulnerability disclosures
- Promoting cybersecurity education and awareness.
The law also codifies a sustained relationship between CISA and the Multi-State Information Sharing and Analysis Center (MS-ISAC). MS-ISAC is a coalition of governments and organizations created in 2022 that is dedicated to improving cybersecurity for SLTT governments. Membership includes all 56 states and territories, all 50 state capitals, all 79 Fusion Centers, hundreds of local governments and more than 2,500 organizations.
MS-ISAC maintains a 24/7 watch and warning center as well as a Computer Emergency Response Team that helps members with cyber incident response and provides malware, log, and forensic analysis along with reverse engineering and vulnerability assessments. MS-ISAC analysts work with CISA analysts to improve and support the nation’s cybersecurity posture; improved collaboration between the two will ensure that critical cybersecurity information is shared with SLTT governments quickly and efficiently.
To learn more about NACo’s technology initiatives and cybersecurity resources, please visit our County Cyber Priorities resource as well as the County Leadership Guide on Cybersecurity. NACo also offers quarterly cyber simulations that are designed to strengthen the county cyber defenses and response during a security incident. More information can be found here.
On June 21, President Biden signed into law the State and Local Government Cybersecurity Act (S. 2520), a bill that codifies and strengthens the relationship between federal, state, and local cybersecurity authorities.2022-06-30Blog2022-10-13
On June 21, President Biden signed into law the State and Local Government Cybersecurity Act (S. 2520), a bill that codifies and strengthens the relationship between federal, state and local cybersecurity authorities. The new law directs the U.S. Department of Homeland Security (DHS) to share information and resources with state, local, Tribal and territorial (SLTT) governments to help them prevent and recover from cyberattacks, as counties are becoming targeted more frequently by hackers and other cyber criminals.
Counties carry a significant burden of responsibility in ensuring residents’ personal information, priceless historical records and critical infrastructure are adequately protected, recoverable, and secured in the event of a breach. Over the past few years local governments have faced hundreds of cyberattacks, with attacks often threatening to expose residents’ sensitive information or shut down critical infrastructure such as 911 call centers and water treatment facilities. S. 2520 will help counties to address cyber vulnerabilities that increase the risk of successful attacks.
Under the new law, the Cybersecurity and Infrastructure Security Agency (CISA) is directed to increase the coordination of cybersecurity response with SLTT governments. The following CISA responsibilities to support SLTT governments are specifically listed in the bill is:
- Providing operational and technical assistance to address cyber incidents
- Increasing situational awareness by sharing cyber threat indicators, defensive measures and cybersecurity risks
- Providing notifications of specific incidents
- Creating a platform to share best practices and other cybersecurity standards and policies
- Working with Chief Information Officers, senior election officials, and others to coordinate effective implementation of tools, policies and guidelines to ensure system resiliency
- Assisting in developing policies and procedures for coordinating vulnerability disclosures
- Promoting cybersecurity education and awareness.
The law also codifies a sustained relationship between CISA and the Multi-State Information Sharing and Analysis Center (MS-ISAC). MS-ISAC is a coalition of governments and organizations created in 2022 that is dedicated to improving cybersecurity for SLTT governments. Membership includes all 56 states and territories, all 50 state capitals, all 79 Fusion Centers, hundreds of local governments and more than 2,500 organizations.
MS-ISAC maintains a 24/7 watch and warning center as well as a Computer Emergency Response Team that helps members with cyber incident response and provides malware, log, and forensic analysis along with reverse engineering and vulnerability assessments. MS-ISAC analysts work with CISA analysts to improve and support the nation’s cybersecurity posture; improved collaboration between the two will ensure that critical cybersecurity information is shared with SLTT governments quickly and efficiently.
To learn more about NACo’s technology initiatives and cybersecurity resources, please visit our County Cyber Priorities resource as well as the County Leadership Guide on Cybersecurity. NACo also offers quarterly cyber simulations that are designed to strengthen the county cyber defenses and response during a security incident. More information can be found here.

-
Webinar
US Counties & Emerging Cybersecurity Trends
Sep. 13, 2023 , 1:00 pm – 2:00 pmSeptember 13th, 2023 | 1 P.M. Eastern Time -
Webinar
NACo Cyberattack Simulation: Ransomware
Sep. 11, 2023 – Sep. 15, 2023Presented by the NACo County Tech Xchange and Professional Development Academy -
Series
TechKnow Series: NACo Tech Xchange Overview – Resources and Tools for your CIO Strategy
Sep. 7, 2023 , 1:00 pm – 2:00 pmSeptember 7th, 2023 | 1 P.M. Eastern Time -
Webinar
The Modern Edge for County Government
Sep. 6, 2023 , 1:00 pm – 2:00 pmModernization with Juniper AIOps (artificial intelligence for IT operations) is the industry’s best alternative to a network refresh if user experience, automation, and fiscal efficiency are important to county IT departments. Attend this session to discover how Juniper AIOps addresses these challenges and more: -
Webinar
Understanding Enterprise Service Management
Aug. 31, 2023 , 1:00 pm – 2:00 pmAugust 31st, 2023 | 1 PM Eastern -
Blog
DHS Announces New Funding Round for the State and Local Cybersecurity Grant Program
On August 8, the Department of Homeland Security (DHS) announced a new funding round for the State and Local Cyber Grant Program (SLCGP). The SLCGP was established by the State and Local Cybersecurity Improvement Act, which is part of the Bipartisan Infrastructure Law (BIL).
-
Webinar
Responding to Ransomware Attacks
September 26, 2023 , 1:00 pm – 2:00 pmSeptember 26, 2023 | 1 PM Eastern Time09261:00 pm<p><strong>September 26, 2023 | 1 PM Eastern Time </strong><br />
<br /> -
Webinar
How Overloaded County IT Organizations Can Address Traditional and New AI-Generated Cyber Threats
September 28, 2023 , 1:00 pm – 2:00 pmCounty IT organizations are already overloaded dealing with cyber threats that could result in data breaches, loss of system access resulting in the unavailability of critical services, and more. New cyber threats generated by AI or chat add additional complexity on top of everything else.09281:00 pm<p>County IT organizations are already overloaded dealing with cyber threats that could result in data breaches, loss of system access resulting in the unavailability of critical services, and more.
-
Webinar
Transforming Digital Government Experiences
October 5, 2023 , 1:00 pmOctober 5th, 2023 | 1 PM Eastern10051:00 pm<p><strong>October 5th, 2023 | 1 PM Eastern </strong><br />
<br /> -
Series
TechKnow Series: October, November, & December Sessions
October 18, 2023 – December 13, 2023October 18, 2023 | 1 PM Eastern - Charting Your AI Growth: A Practical Guide on the Use of Generative AI - What Are All Those Tools -
Series
TechKnow Series: Charting Your AI Growth: A Practical Guide on the Use of Generative AI - What Are All Those Tools
October 18, 2023 , 1:00 pmOctober 18th, 2023 | 1 PM Eastern10181:00 pm<p><strong>October 18th, 2023 | 1 PM Eastern </strong></p>
-
Webinar
Unlocking Opportunity by Increasing Digital Equity
October 23, 2023 , 1:00 pm – 2:00 pmOctober 23rd, 2023 | 1 PM Eastern10231:00 pm<p><strong>October 23rd, 2023 | 1 PM Eastern </strong></p>
-
Basic page
County Tech Xchange
The NACo County Tech Xchange is an online portal designed to connect county CIOs, IT Directors, CISOs, and other county IT leadership. This portal provides valuable resources in a central location that counties can use to improve their overall technology infrastructure.pagepagepage<table border="1" cellpadding="1" cellspacing="1" style="width:100%" summary="call-out transparent">
<tbody>
<tr> -
Basic page
TestIT: How Fast is Your Broadband
NACo has partnered with the Local Initiatives Support Corporation (LISC) and the Rural Community Assistance Partnership (RCAP) to develop a mobile app designed to identify areas with low or no connectivity to help ensure adequate funding for broadband infrastructure is provided across the country.pagepagepage<table border="1" cellpadding="1" cellspacing="1" style="width:100%" summary="call-out">
<tbody>
<tr>
<td> -
Basic page
Telecommunications & Technology Steering Committee
All matters pertaining to telecommunications and technology policy, including, but not limited to, the county role as a telecommunications regulator, service provider, and consumer, cable services technology and implementation, information technology development and implementation, information technology innovation, e-governance, and geo-spatial data collection and utilization.pagepagepage<p>All matters pertaining to telecommunications and technology policy, including, but not limited to, the county role as a telecommunications regulator, service provider, and consumer, cable services technology and implementation, info
-
Reports & Toolkits
Implementing Infrastructure Investments at the County Level: The Bipartisan Infrastructure Law (P.L. 117-58)
As intergovernmental partners, counties play a key role in ensuring the successful interpretation and implementation of the BILReports & Toolkitsdocument100710:00 amReports & Toolkits<table border="1" cellpadding="1" cellspacing="1" style="width:100%" summary="call-out transparent jump">
<tbody>
<tr>
<td>
Contact
-
Associate Legislative Director – Telecommunications & Technology(202) 942-4212
Related Posts
-
BlogDHS Announces New Funding Round for the State and Local Cybersecurity Grant ProgramAug. 18, 2023
-
BlogDOJ proposes new rule for nondiscrimination on the basis of disability for state and local web-based servicesAug. 15, 2023
-
County NewsCounties build AI framework to harness its potential, bolster protectionAug. 7, 2023
Related Resources
-
Press ReleaseCounties Applaud Release of Broadband AllocationsJun. 26, 2023
-
Press ReleaseNational Association of Counties Launches Exploratory Committee on Artificial IntelligenceMay. 24, 2023
-
Reports & ToolkitsCybersecurity and Resilient CountiesMay. 22, 2023
Related Events
-
26Sep2023
-
28Sep2023Webinar
How Overloaded County IT Organizations Can Address Traditional and New AI-Generated Cyber Threats
Sep. 28, 2023 , 1:00 pm – 2:00 pm -
5Oct2023
-
18Oct2023
More From
-
Outreach Toolkit for Counties: the FCC’s Affordable Connectivity Program
Through the FCC's Affordable Connectivity Program, counties have a central role in providing all residents with an equal chance to connect to high-speed internet in their homes.
Learn More