State and Local Cyber Protection Act of 2017 2017-02-16 Introduced in Senate State and Local Cyber Protection Act of 2017

This bill amends the Homeland Security Act of 2002 to require the Department of Homeland Security's (DHS's) national cybersecurity and communications integration center (NCCIC) to assist state and local governments with cybersecurity by:

  • upon request, identifying system vulnerabilities and information security protections to address unauthorized access, use, disclosure, disruption, modification, or destruction of information collected or maintained by, or information systems used or operated by, state or local governments or other organizations or contractors on their behalf;
  • providing via a web portal updated resources and guidelines related to information security;
  • coordinating through national associations to implement information security tools and policies to ensure the resiliency of state and local information systems;
  • providing training on cybersecurity, privacy, and civil liberties;
  • providing requested technical assistance to deploy technology that continuously diagnoses and mitigates cyber threats and to conduct threat and vulnerability assessments;
  • coordinating vulnerability disclosures under standards developed by the National Institute of Standards and Technology; and
  • ensuring that state and local governments are aware of DHS resources and other federal tools to ensure the security and resiliency of federal civilian information systems.

The NCCIC's privacy and civil liberties training must include: (1) reasonable limits on the receipt, retention, use, and disclosure of information associated with specific persons that is not necessary for cybersecurity purposes; (2) data integrity standards requiring the prompt removal and destruction of obsolete or erroneous names and personal information that is unrelated to the risk or incident information; (3) safeguards and confidentiality protections for cyber threat indicators and defensive measures, including information that is proprietary or business-sensitive that may be used to identify specific persons from unauthorized access or acquisition; and (4) methods to ensure that obtained information is used only to address cybersecurity risks and threats or as specifically authorized by law.

The NCCIC must seek feedback from state and local governments on the effectiveness of such activities and provide such information to Congress.

]]> text/xml EN Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain. Congressional Research Service, Library of Congress This file contains bill summaries for federal legislation. A bill summary describes the most significant provisions of a piece of legislation and details the effects the legislative text may have on current law and federal programs. Bill summaries are authored by the Congressional Research Service (CRS) of the Library of Congress. As stated in Public Law 91-510 (2 USC 166 (d)(6)), one of the duties of CRS is "to prepare summaries and digests of bills and resolutions of a public general nature introduced in the Senate or House of Representatives". For more information, refer to the User Guide that accompanies this file.