[Congressional Bills 116th Congress]
[From the U.S. Government Publishing Office]
[S. 3207 Introduced in Senate (IS)]

<DOC>






116th CONGRESS
  2d Session
                                S. 3207

    To require the Director of the Cybersecurity and Infrastructure 
Security Agency to establish a Cybersecurity State Coordinator in each 
                     State, and for other purposes.


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                            January 16, 2020

   Ms. Hassan (for herself, Mr. Cornyn, Mr. Portman, and Mr. Peters) 
introduced the following bill; which was read twice and referred to the 
        Committee on Homeland Security and Governmental Affairs

_______________________________________________________________________

                                 A BILL


 
    To require the Director of the Cybersecurity and Infrastructure 
Security Agency to establish a Cybersecurity State Coordinator in each 
                     State, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Cybersecurity State Coordinator Act 
of 2020''.

SEC. 2. FINDINGS.

    Congress finds that--
            (1) cyber threats, such as ransomware, against State, 
        local, Tribal, and territorial entities have grown at an 
        alarming rate;
            (2) State, local, Tribal, and territorial entities face a 
        growing threat from advanced persistent threat actors, hostile 
        nation states, criminal groups, and other malicious cyber 
        actors;
            (3) there is an urgent need for greater engagement and 
        expertise from the Federal Government to help these entities 
        build their resilience and defenses; and
            (4) coordination within Federal entities and between 
        Federal and non-Federal entities, including State, local, 
        Tribal, and territorial governments, Information Sharing and 
        Analysis Centers, election officials, State adjutants general, 
        and other non-Federal entities, is critical to anticipating, 
        preventing, managing, and recovering from cyberattacks.

SEC. 3. CYBERSECURITY STATE COORDINATOR.

    (a) In General.--Subtitle A of title XXII of the Homeland Security 
Act of 2002 (6 U.S.C. 651 et seq.) is amended--
            (1) in section 2202(c) (6 U.S.C. 652(c))--
                    (A) in paragraph (10), by striking ``and'' at the 
                end;
                    (B) by redesignating paragraph (11) as paragraph 
                (12); and
                    (C) by inserting after paragraph (10) the 
                following:
            ``(11) appoint a Cybersecurity State Coordinator in each 
        State, as described in section 2215; and''; and
            (2) by adding at the end the following:

``SEC. 2215. CYBERSECURITY STATE COORDINATOR.

    ``(a) Appointment.--The Director shall appoint an employee of the 
Agency in each State who shall serve as the Cybersecurity State 
Coordinator.
    ``(b) Duties.--The duties of a Cybersecurity State Coordinator 
appointed under subsection (b) shall include--
            ``(1) building strategic relationships across Federal and 
        non-Federal entities by advising on establishing governance 
        structures to facilitate developing and maintaining secure and 
        resilient infrastructure;
            ``(2) serving as a principal Federal cybersecurity risk 
        advisor and coordinating between Federal and non-Federal 
        entities to support preparation, response, and remediation 
        efforts relating to cybersecurity risks and incidents;
            ``(3) facilitating the sharing of cyber threat information 
        between Federal and non-Federal entities to improve 
        understanding of cybersecurity risks and situational awareness 
        of cybersecurity incidents;
            ``(4) raising awareness of the financial, technical, and 
        operational resources available from the Federal Government to 
        non-Federal entities to increase resilience against cyber 
        threats;
            ``(5) supporting training, exercises, and planning for 
        continuity of operations to expedite recovery from 
        cybersecurity incidents, including ransomware;
            ``(6) serving as a principal point of contact for non-
        Federal entities to engage with the Federal Government on 
        preparing, managing, and responding to cybersecurity incidents;
            ``(7) assisting non-Federal entities in developing and 
        coordinating vulnerability disclosure programs consistent with 
        Federal and information security industry standards; and
            ``(8) performing such other duties as necessary to achieve 
        the goal of managing cybersecurity risks in the United States 
        and reducing the impact of cyber threats to non-Federal 
        entities.
    ``(c) Feedback.--The Director shall take into account relevant 
feedback provided by State and local officials regarding the 
appointment, and State and local officials and other non-Federal 
entities regarding the performance, of the Cybersecurity State 
Coordinator of a State.''.
    (b) Oversight.--Not later than 1 year after the date of enactment 
of this Act, the Director of the Cybersecurity and Infrastructure 
Security Agency shall provide to the Committee on Homeland Security and 
Governmental Affairs of the Senate and the Committee on Homeland 
Security of the House of Representatives a briefing on the placement 
and efficacy of the Cybersecurity State Coordinators appointed under 
section 2215 of the Homeland Security Act of 2002, as added by 
subsection (a).
    (c) Rule of Construction.--Nothing in this section or the 
amendments made by this section shall be construed to affect or 
otherwise modify the authority of Federal law enforcement agencies with 
respect to investigations relating to cybersecurity incidents.
    (d) Technical and Conforming Amendment.--The table of contents in 
section 1(b) of the Homeland Security Act of 2002 (Public Law 107-296; 
116 Stat. 2135) is amended by inserting after the item relating to 
section 2214 the following:

``Sec. 2215. Cybersecurity State Coordinator.''.
                                 <all>