President Biden recently signed into law the State and Local Cybersecurity Act of 2021, which will codify and strengthen the relationship between state and local government cybersecurity authorities and the Federal government, specifically with the Department of Homeland Security (DHS).

Approved by the House of Representatives in May, the legislation directs DHS to share information with state, local, Tribal, and territorial (SLTT) governments to assist them in preventing and recovering from cyberattacks. It also requires DHS to report to Congress on the effectiveness of these efforts.

Further, the law expands DHS’ responsibilities, including imposing a number of obligations on the National Cybersecurity and Communications Integration Center (NCCIC). Going forward, NCCIC will coordinate with Federal and non-Federal entities to:

  • Conduct exercises with SLTT governments;
  • Provide operational and technical training to SLTT governments;
  • Share in real time certain information with SLTT; and
  • Provide notifications containing specific incident and malware information to SLTT governments that can affect them or their residents.

The bill was led through Congress by Sens. Gary Peters, D-Mich., and Rob Portman, R-Ohio, and Rep. Joe Neguse, D-Colo.

In a statement, Rep. Neguse explained that the new law is vital because state and local governments are being increasingly targeted by high-profile cyberattacks and they do not have the tools to safeguard their systems.

“Senator Peters and I introduced both the State and Local Government Cybersecurity Act and the Supply Chain Security Training Act to better defend the personal data of our constituents and of Americans across the country,” said Rep. Neguse. “For hackers, state and local governments are an attractive target — we must increase support to these entities so that they can strengthen their systems and better defend themselves from harmful cyber-attacks.”

Hackers have successfully breached cyber defenses in places like Michigan, Atlanta, Baltimore, and Louisiana, along with Neguse’s Colorado. A recent cyberattack in 2018 on Colorado’s Department of Transportation cost the state an estimated $1.5 million.

“State and local governments in Michigan and across the nation continue to be targeted by cybercriminals and other malicious actors. These attacks can prevent access to essential services, compromise sensitive and personal information, and disrupt our daily lives and livelihoods,” said Sen. Peters. “This commonsense legislation will strengthen coordination between all levels of government and give local officials in Michigan and across the country additional tools and resources to combat cyberattacks.”