The new U.S. Senate bill, which amends the Homeland Security Act of 2002, would also encourage collaboration and information sharing between federal agencies and state and local governments on issues of cybersecurity, training and preparedness.
NASCIO rarely takes explicit positions on policy. The last time the organization put forth a stance on legislation was to discourage passage of controversial contractor monitoring legislation that lobbyists were pushing into state legislatures.
Nonetheless, NASCIO President and Delaware CIO James Collins urged the passage of the bill, saying in a statement last week that for "CIOs and CISOs, this legislation would provide them with additional tools, resources and expertise to counteract a continuous barrage of cyberthreats."
Matt Pincus, NASCIO director of government affairs, said in an interview with Government Technology that the new bill presents a unique opportunity.
“It is rare that we weigh in on legislation at the federal level,” he said. “But we felt that, as an association, that it was important to come out strongly in favor of this bill because of how many components it had that would be beneficial to the states and the CIOs and the CISOs."
The legislation, which was introduced last month and is currently awaiting discussion in the Senate's Homeland Security and Governmental Affairs Committee, would make cybersecurity grant opportunities more available. This money would be a big deal, Pincus said, considering how many governments are strapped for cash when it comes to cybersecurity investment.
“Any federal legislation that tries to make more competitive grants available to the states for the purposes of cybersecurity is always going to be welcomed by our association and our members,” he said.
The legislation would also mandate the creation of a pilot program to deploy advanced network sensors — typically only available at the federal level — that would help state and local governments to identify and filter malicious network traffic, the bill states.
This would be a welcome change, given the rise in threats from bad actors, said Pincus.
“Obviously ransomware is at the forefront of the national conversation just because of how prevalent it’s become and the media coverage,” Pincus said, in regard to cyberthreats. “There’s an understanding from the CIOs and the CISOs that not only are the threats more numerous but they’re more advanced and sophisticated."
“What we appreciate is the states and the CIOs deal with ransomware and all sorts of attempts at network intrusion, and now there’s more of a willingness at the federal level to understand that this is what the state and local levels face on a daily basis, and there’s a willingness to help them out,” he said.