03.10.16

Senators Perdue, Peters Introduce Bipartisan Legislation To Improve Cybersecurity Coordination

WASHINGTON, D.C. – U.S. Senators David Perdue (R-GA) and Gary Peters (D-MI) today introduced the State and Local Cyber Protection Act, bipartisan legislation to promote better coordination of cybersecurity efforts between state, local, and federal governments.  

“Cyberwarfare is the new frontier for foreign governments and hackers to threaten our national security,” said Senator Perdue, a member of the Senate Foreign Relations Committee. “Anonymous attacks have already stolen Americans’ personal information and sensitive data from businesses and agencies. As our adversaries change their tactics, more coordination between state and federal governments is critical to combat potential vulnerabilities and future attacks.”

“America faces unprecedented risks to our cyber infrastructure, and we must act to both combat these threats and protect the sensitive information of American citizens,” said Senator Peters, a member of the Senate Homeland Security Committee. “I’m pleased to introduce this bipartisan legislation that will help ensure all levels of government are equipped with the best practices and resources to counter cyber threats.”

“We applaud the introduction of the State and Local Cyber Protection Act by Senators Peters and Perdue. In partnership with states, counties are often responsible for managing critical information that needs to be safeguarded for privacy and personal protection. Counties work to ensure the security of information that travels through our nation's cyber systems,” said Matthew Chase, Executive Director of the National Association of Counties. “The State and Local Cyber Protection Act would increase access to resources to help protect critical information from criminal hacking.  We look forward to continuing to work with Congress on legislation that provides counties with the tools necessary to mitigate the risk of cyber-attacks.”

The State and Local Cyber Protection Act will enhance ongoing collaboration efforts between the National Cybersecurity and Communications Integration Center (NCCIC), which shares information regarding cybersecurity vulnerabilities, incidents, and mitigations with public and private sector partners, including state, local, and tribal governments. Specifically, this legislation would require the NCCIC to provide state and local governments with:

  • Assistance, upon request, in identifying cyber vulnerabilities and appropriate security protections;
  • Tools, policies, procedures, and other materials related to information security, and to work with state and local officials to coordinate effective implementation of these resources;
  • Technical and operational assistance, upon request, to utilize technology in the analysis, continuous diagnosis and mitigation, and evaluation of cyber threats and responses;
  • Assistance to develop policies and procedures consistent with industry best practices and international standards, including cybersecurity frameworks developed by the National Institute of Standards and Technology;
  • Technical assistance and cybersecurity training, upon request, to state and local personnel and fusion center analysts; and
  • Privacy and civil liberties training as relates to cybersecurity, focusing on consistency with existing privacy laws and DHS policies, minimizing the retention and use of unnecessary information, and prompt removal of the personally identifiable information “unrelated” to a cyber threat.