With Congress out of session for August, and the President touring the country to pitch new economic programs, it's a good time to focus on key national issues that impact state CIOs. This week we focus on The Cybersecurity Act (S. 1353).
As we highlighted last week, the Senate Commerce, Science, and Transportation committee has given its blessing to bipartisan legislation from Chairman Rockefeller (D-WV) and Ranking Member Thune (R-SD) that would provide Congressional authorization for the ongoing development of a voluntary cybersecurity framework, as well as bolstering cyber workforce development, education, research and development, and public awareness activities.
What’s Our Take?
NASCIO supports S.1353. Rockefeller and Thune’s bill provides some of the basic, necessary steps Congress must take to start improving our country’s stance against cyber threats. As importantly, they took great pains to ensure the intergovernmental relationship was cooked into the authorization language.
This bill and its sponsors should be applauded for taking a smart first step toward securing our nation. That said, Congress will need to continue take other steps to create a comprehensive approach to cybersecurity. For instance, the Federal Information Security Management Act (FISMA) still must be reformed if we want to better protect citizen data at all levels of government.
In addition, Congress will need to provide authorization for many of the incentives that the White House is considering to entice the nation to adopt the national cybersecurity framework it is drafting. We’ll tackle this in a later post, but you can find more information on the proposed incentives through the White House blog, “Incentives to Support Adoption of the Cybersecurity Framework.”
Here are some key takeaways from the bill:
In General:
- The bill continuously ties state and local governments, and the information sharing and analysis centers (ISACs) into the framework. By providing this sort of legislative direction, it ensures an intergovernmental and collaborative approach.
- The bill denies states the ability to regulate sectors or industry based on information shared through the framework.
Research and Development:
-
Promotes ‘cybersecurity test beds’ to demo cyber defense (and attacks) across the country. These could be beneficial for states.
-
Permits states to participate and collaborate in federally funded cybersecurity research and development initiatives.
Education and Workforce Development:
-
Provides legislative backing for the federal cyber scholarship-for-service program, and ensures the program addresses the needs of not just federal, but also “state, local, and tribal governments.” Those that receive the scholarship must agree to work for a federal, state, tribal, or local government entity for a duration equal to that of the scholarship.
- Promotes competitions and challenges specifically for bolstering the cyber workforce. It includes state and local workforce education as part of the mission.
- Includes affiliation and cooperative agreements with “regional, state or school programs supporting the development of cyber professionals” and “State, local and tribal governments” along with the private sector for building the cyber workforce.
Awareness and Preparedness:
-
The bill includes outreach to state/locals and private sector on effective risk management of info infrastructure, threat mitigation and remediation, and promoting cyber workforce education programs at all educational levels.
Questions? Comments? Send e-mails to mherckis@amrms.com or swenger@amrms.com.
Your Weekly Techbytes:
Cyber Funding Under Our Noses
$116,000: What You Need to Pay for the Average Cyber Pro
Is the US Government an IP Hypocrite or Just in Love with Apple?
If the Chinese Army is Trying to Hack a Missouri Water Plant, What else is it Infiltrating?
Georgia Saving Millions with Open Source Technology
David Wennergren: The Exit Interview