Lawmakers Introduce Bill to Help State and Local Governments Address Cyberattacks

May 12, 2021 Updated: May 12, 2021

A bipartisan group of House lawmakers introduced a bill on Wednesday that would launch a $500 million grant program to help state and local governments bolster security in their computer networks.

The proposal comes as the nation is grappling with a series of cybersecurity attacks that had crippled infrastructure in state and local agencies, schools, and private corporations across the country. This includes ransomware attacks that had forced a school district in Massachusetts to cancel its first day of in-person classes and a separate attack against the Colonial Pipeline, which halted fuel operations resulting in gas shortages across several states.

The bill, dubbed the State and Local Cybersecurity Improvement Act, seeks to augment state and local government resources to deal with cybersecurity vulnerabilities, including encouraging them to increase cybersecurity funding and develop strategies to address the threats.

The proposal also encourages state and local governments to work closely with the Department of Homeland Security, the agency responsible for issuing grants, to ensure that threats are identified and plans are implemented.

Rep. Yvette Clarke (D-N.Y.), Chairwoman of the House Homeland Security Committee cybersecurity subcommittee, is leading the effort to ensure the bill’s passage. She is joined by House Homeland Security Committee Chairman Bennie Thompson (D-Miss.), ranking member Rep. John Katko (R-N.Y.), and cybersecurity subcommittee ranking member Rep. Andrew Garbarino (R-N.Y.).

“In the decade since I first Chaired the cybersecurity subcommittee, the number of cases and the financial impact of ransomware have skyrocketed. These attacks are more than a mere inconvenience–they are a national security threat,” Clarke said in a statement.

“That is why I introduced the State and Local Cybersecurity Improvement Act, which would authorize $500 million in annual grants to state, local, Tribal, and Territorial governments to strengthen their cybersecurity, while insisting they step up to prioritize cybersecurity in their own budgets.”

Garbarino added, “Cyber-attacks have increased at an alarming rate in recent years. These attacks are an imminent and existential threat to our national security, and we must do everything we can to prevent their continued occurrence.”

This year, the federal government has been dealing with the fallout of the SolarWinds attack, which is said to have affected nine federal agencies and 100 private sector companies in the United States.

The hack, which was first reported by cybersecurity firm FireEye, itself a SolarWinds customer, is believed to be the biggest ever uncovered, prompting the U.S. government to assemble a multi-department task force to respond to the threat.

Separately, Microsoft said earlier this year that a China-linked cyber-espionage group used vulnerabilities in Microsoft’s email program to compromise email inboxes. In a blog post, the company attributed the cyberattack to Hafinium, a group assessed to be state-sponsored and operating out of China.

Other groups of lawmakers have also introduced measures to address those threats, including a bill that would allow Americans to sue foreign countries or their agents that engage in cyberattacks against Americans in federal or state courts.

Follow Janita on Twitter: @janitakan