NASCIO Endorses $28 Billion Legislation to Address SLTT IT and Cybersecurity Issues

The bicameral and bipartisan, State and Local IT Modernization and Cybersecurity Act was introduced on August 14. The legislation seeks to provide state and local governments with dedicated grant funding in order to directly respond to IT issues relating to COVID-19, modernize legacy IT systems and to improve their overall cybersecurity resilience.  Full bill text can be found here.

 

NASCIO’s Endorsement Statement:

“On behalf of the nation’s state chief information officers (CIOs), NASCIO sincerely appreciates the introduction of the bipartisan, State and Local IT Modernization and Cybersecurity Act. As states are charged with administering critically important federal programs and benefits, this legislation aims to make significant investments in modernizing state and local IT infrastructure. We also appreciate the sponsors recognition of the vital role of state CIOs and IT agencies, who throughout the ongoing pandemic have continued to experience unprecedented demands to ensure the delivery of timely and critical services to citizens while maintaining and protecting the continuity of government. We look forward to working together with the House and Senate to ensure the passage of the State and Local IT Modernization and Cybersecurity Act.” -Doug Robinson, NASCIO Executive Director

 

Press Coverage of the Legislation can be found here:

The Hill

StateScoop

NASCIO Endorses State and Local Cybersecurity Improvement Act

On February 10, U.S. Representatives Cedric Richmond (D-LA) and John Katko (R-NY), the chairman and ranking member of the House Committee on Homeland Security Cybersecurity, Infrastructure Protection and Innovation Subcommittee, along with 12 other members, introduced H.R. 5823, the State and Local Cybersecurity Improvement Act. H.R. 5823 would create a new $400 million annual grant program to state and local governments to improve their cybersecurity posture. The bipartisan legislation, which can be found here, would require states to develop cybersecurity response plans that would be submitted to the Department of Homeland Security (DHS) in order to qualify for the grants. H.R. 5823 would also establish a 15-member State and Local Cybersecurity Resiliency Committee to advise DHS on the efficacy of the grant program. NASCIO’s endorsement of the legislation >

Senate Homeland Security Committee Urged to Provide Cybersecurity Resources to State and Local Governments

On February 11, the U.S. Senate Committee on Homeland Security and Governmental Affairs held a hearing titled, “What States, Locals and the Business Community Should Know and Do: A Roadmap for Effective Cybersecurity.” Witnesses for the hearing were Chris Krebs, Director of the Cybersecurity and Infrastructure Security Agency, Amanda Crawford, Executive Director of the Texas Department of Information Resources and Chris DeRusha, Chief Security Officer in Michigan. All the witnesses agreed that the federal government should dedicate additional resources and expertise to local governments, who have been frequent target of high-profile ransomware attacks. Check out the video of the hearing >

Election Websites at Risk
A recent McAfee report found that election websites in more than a dozen battleground states lack basic cybersecurity functions that could allow them to be subject to hacking and misinformation campaigns. The cybersecurity firm found that across the 13 states studied only 54% of county websites had an encrypted front page and only 17% were on the DotGov domain. NASCIO has been a longtime advocate of the widespread adoption of DotGov. Read the article about the McAfee report >

The National Association of State Chief Information Officers (NASCIO), which represents state CIOs, opposes all state legislation that would mandate contractor monitoring or billing verification software due to the significant risks to citizen privacy and federal regulatory compliance concerns it would create. Additionally, NASCIO remains concerned that this legislation would pose risks to state computer networks, impose unnecessary and burdensome requirements on state contractors and would lead to increased costs to the states. While NASCIO certainly supports contractor productivity and transparency, cost efficiency and successful project outcomes, legislation of this nature would introduce unnecessary risks to citizen data by essentially transferring ownership of private citizen data to a third party. This type of legislation, even through mandated pilot programs, has the potential for unintended consequences, such as impacting a state’s cybersecurity insurance policy coverage. State CIOs inherently understand and appreciate the seriousness of protecting citizens’ data, and therefore do not support legislation that would serve to increase or introduce additional risk.