As many as 80% of states in the US may be vulnerable to cyber-attacks. Virginia Senator Mark Warner believes that “cyberattacks are one of the fastest growing threats to our country,” yet most states are unequipped to provide sufficient cybersecurity to ward off assaults. To address this, Warner along with US Representatives Derek Kilmer and Barbara Comstock, and US Senator Cory Gardner introduced a bipartisan bill, State Cyber Resiliency Act, which will help local, state, and tribal governments receive the funding they need to boost cybersecurity.
This act calls for cybersecurity grants to help identify, detect, protect, respond, and recover from cyber threats. When enacted into law, the grant program will be managed by the Federal Emergency Management Agency (FEMA) with funding determined by the Department of Homeland Security’s allocated budget for each year from 2018-2023. Estimates for total funding range between $50M to $1B per year, based on similar DHS grant programs.
Under the proposed act, states would draw up their plans and apply for funding through FEMA. Proposals will need to: enhance the preparation, response, and resiliency of computer and communications networks; improve the recruitment and retention of a qualified workforce to prevent/protect cyber-attacks; and incorporate existing cyber threat prevention plans. Funding is to be awarded on a competitive basis as decided by the review committee.
The Magnitude of the State and Local Cybersecurity Challenge
According to a 2015 Ponemon Institute study, half of all state and local governments have experienced six to 25 breaches over the past two years; and another 12% have suffered more than 25 breaches. Just this past year, hackers breached 200,000 personal voter records in Illinois and Arizona.
A 2016 Deloitte-NASCIO report found that most states currently apply less than 2% of their IT budget to cybersecurity. The “lack of sufficient funding” is the most significant cyber security challenge for 80% of CIOs, followed by “inadequate availability of cyber security professionals.”
“It should come as no surprise that cities are increasingly targeted for cyberattacks from sophisticated hackers. Cities need federal support to provide local governments with the tools and resources needed to protect their citizens and serve them best,” says Matt Zone, president of the National League of Cities (NLC),
Senator Gardner believes it is “critical that our state and local governments invest in cyber preparedness and training. The proposed grant program will help our communities with this effort.”
Representative Kilmer states, “It’s time we had better protection for consumers, workers, businesses, and governments. This bipartisan plan gives states more tools to fight back against these attacks and encourages the continued growth of a talented cyber workforce in my region and across the nation.”
The bottom line, according to Senator Warner, is “the State Cyber Resiliency Act would provide grants to state and local jurisdictions, so they are better prepared to take on these emerging challenges in the cyber domain.”
This blog was co-authored by Bob Nilsson and Lisa Yeaton.