NASCIO Endorses $28 Billion Legislation to Address SLTT IT and Cybersecurity Issues
The bicameral and bipartisan, State and Local IT Modernization and Cybersecurity Act was introduced on August 14. The legislation seeks to provide state and local governments with dedicated grant funding in order to directly respond to IT issues relating to COVID-19, modernize legacy IT systems and to improve their overall cybersecurity resilience. Full bill text can be found here.
NASCIO’s Endorsement Statement:
“On behalf of the nation’s state chief information officers (CIOs), NASCIO sincerely appreciates the introduction of the bipartisan, State and Local IT Modernization and Cybersecurity Act. As states are charged with administering critically important federal programs and benefits, this legislation aims to make significant investments in modernizing state and local IT infrastructure. We also appreciate the sponsors recognition of the vital role of state CIOs and IT agencies, who throughout the ongoing pandemic have continued to experience unprecedented demands to ensure the delivery of timely and critical services to citizens while maintaining and protecting the continuity of government. We look forward to working together with the House and Senate to ensure the passage of the State and Local IT Modernization and Cybersecurity Act.” -Doug Robinson, NASCIO Executive Director
Press Coverage of the Legislation can be found here:
Congress Passes $2 Trillion COVID-19 Stimulus Bill
On Friday, March 27, President Trump signed into law a $2 trillion emergency bill, the Coronavirus Aid, Relief, and Economic Security Act (CARES Act).
The $2 trillion package is equal to almost half of the annual federal spending in a year and is the largest relief package Congress has ever passed. The bill will send a $1,200 check to many Americans, create a $377 billion loan program for small businesses and establish a $500 billion lending fund for businesses.
Additionally, the bill provides $150 billion in new, direct aid to states, territories, tribal and local governments by formula and based on population, to be distributed no later than 30 days after the date of enactment.
Coronavirus Impact on Voting and Elections
The CARES Act provides $400 million to the Election Assistance Commission, largely for contingency planning and expanding vote by mail and online voter registration initiatives. Additionally, some election officials are considering using their recently received election security grants, Help America Vote Act (HAVA) funds, for virus-related election preparations. More to follow as this issue progresses.
NASCIO Endorses State and Local Cybersecurity Improvement Act
On February 10, U.S. Representatives Cedric Richmond (D-LA) and John Katko (R-NY), the chairman and ranking member of the House Committee on Homeland Security Cybersecurity, Infrastructure Protection and Innovation Subcommittee, along with 12 other members, introduced H.R. 5823, the State and Local Cybersecurity Improvement Act. H.R. 5823 would create a new $400 million annual grant program to state and local governments to improve their cybersecurity posture. The bipartisan legislation, which can be found here, would require states to develop cybersecurity response plans that would be submitted to the Department of Homeland Security (DHS) in order to qualify for the grants. H.R. 5823 would also establish a 15-member State and Local Cybersecurity Resiliency Committee to advise DHS on the efficacy of the grant program. NASCIO’s endorsement of the legislation >
Senate Homeland Security Committee Urged to Provide Cybersecurity Resources to State and Local Governments
On February 11, the U.S. Senate Committee on Homeland Security and Governmental Affairs held a hearing titled, “What States, Locals and the Business Community Should Know and Do: A Roadmap for Effective Cybersecurity.” Witnesses for the hearing were Chris Krebs, Director of the Cybersecurity and Infrastructure Security Agency, Amanda Crawford, Executive Director of the Texas Department of Information Resources and Chris DeRusha, Chief Security Officer in Michigan. All the witnesses agreed that the federal government should dedicate additional resources and expertise to local governments, who have been frequent target of high-profile ransomware attacks. Check out the video of the hearing >
Election Websites at Risk
A recent McAfee report found that election websites in more than a dozen battleground states lack basic cybersecurity functions that could allow them to be subject to hacking and misinformation campaigns. The cybersecurity firm found that across the 13 states studied only 54% of county websites had an encrypted front page and only 17% were on the DotGov domain. NASCIO has been a longtime advocate of the widespread adoption of DotGov. Read the article about the McAfee report >
The National Association of State Chief Information Officers (NASCIO), which represents state CIOs, opposes all state legislation that would mandate contractor monitoring or billing verification software due to the significant risks to citizen privacy and federal regulatory compliance concerns it would create. Additionally, NASCIO remains concerned that this legislation would pose risks to state computer networks, impose unnecessary and burdensome requirements on state contractors and would lead to increased costs to the states. While NASCIO certainly supports contractor productivity and transparency, cost efficiency and successful project outcomes, legislation of this nature would introduce unnecessary risks to citizen data by essentially transferring ownership of private citizen data to a third party. This type of legislation, even through mandated pilot programs, has the potential for unintended consequences, such as impacting a state’s cybersecurity insurance policy coverage. State CIOs inherently understand and appreciate the seriousness of protecting citizens’ data, and therefore do not support legislation that would serve to increase or introduce additional risk.
Bipartisan Legislation Establishing State Cyber Coordinator Introduced in Senate
On January 22, U.S. Senators Maggie Hassan (D-NH), John Cornyn (R-TX), Rob Portman (R-OH), and Gary Peters (D-MI) introduced the Cybersecurity State Coordinator Act. The legislation would require the Department of Homeland Security to establish a Cybersecurity State Coordinator position in every state. Each state would have its own federally funded Cybersecurity Coordinator, who would be responsible for helping to prevent and respond to cybersecurity threats by working with federal, state, and local governments as well as schools, hospitals, and other entities. NASCIO and numerous state CIOs and CISOs worked extensively on the drafting of this bill. Check out the bill >
NASCIO Releases 2020 Federal Advocacy Priorities
NASCIO’s Executive Committee approved our annual list of federal advocacy priorities for 2020. These priorities include: continued harmonization of federal cybersecurity regulations, advocate for dedicated cybersecurity funding for state and local governments with CIOs as key decisionmakers, advocate for the widespread adoption of the DotGov domain for local governments, and the recognition of state authority and ongoing innovation with emerging technologies. Take a look at NASCIO’s 2020 federal advocacy priorities >
Congress Expresses Concern About REAL ID Deadline
On January 30, a bipartisan group of Senators and Representatives sent a letter to the Department of Homeland Security (DHS) for details on its plans regarding the October 1, 2020 deadline for the switch to REAL ID compliant identification cards. The letter expressed concern of the potential for nearly 100,000 Americans to be stranded from air travel. See the letter sent to DHS >
NASCIO’s Technology Champion Award recognizes one individual annually for outstanding contributions in the field of information technology in the public sector. The recipient champions the critical role of IT and innovation in the business and continuity of state government, and advances the belief that IT is a transformational tool that enables positive change for citizens.
Nominations are due Wednesday, February 5. Champions of state technology from any industry are eligible. Current state CIOs are not eligible for the award.