[Congressional Record Volume 168, Number 7 (Tuesday, January 11, 2022)]
[Senate]
[Page S160]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]

  SA 4898. Mr. SCHUMER (for Mr. Peters) proposed an amendment to the 
bill S. 2520, to amend the Homeland Security Act of 2002 to provide for 
engagements with State, local, Tribal, and territorial governments, and 
for other purposes; as follows:

        Strike all after the enacting clause and insert the 
     following:

     SECTION 1. SHORT TITLE.

       This Act may be cited as the ``State and Local Government 
     Cybersecurity Act of 2021''.

     SEC. 2. AMENDMENTS TO THE HOMELAND SECURITY ACT OF 2002.

       Subtitle A of title XXII of the Homeland Security Act of 
     2002 (6 U.S.C. 651 et seq.) is amended--
       (1) in section 2201 (6 U.S.C. 651), by adding at the end 
     the following:
       ``(7) SLTT entity.--The term `SLTT entity' means a domestic 
     government entity that is a State government, local 
     government, Tribal government, territorial government, or any 
     subdivision thereof.''; and
       (2) in section 2209 (6 U.S.C. 659)--
       (A) in subsection (c)(6), by inserting ``operational and'' 
     before ``timely'';
       (B) in subsection (d)(1)(E), by inserting ``, including an 
     entity that collaborates with election officials,'' after 
     ``governments''; and
       (C) by adding at the end the following:
       ``(p) Coordination on Cybersecurity for SLTT Entities.--
       ``(1) Coordination.--The Center shall, upon request and to 
     the extent practicable, and in coordination as appropriate 
     with Federal and non-Federal entities, such as the Multi-
     State Information Sharing and Analysis Center--
       ``(A) conduct exercises with SLTT entities;
       ``(B) provide operational and technical cybersecurity 
     training to SLTT entities to address cybersecurity risks or 
     incidents, with or without reimbursement, related to--
       ``(i) cyber threat indicators;
       ``(ii) defensive measures;
       ``(iii) cybersecurity risks;
       ``(iv) vulnerabilities; and
       ``(v) incident response and management;
       ``(C) in order to increase situational awareness and help 
     prevent incidents, assist SLTT entities in sharing, in real 
     time, with the Federal Government as well as among SLTT 
     entities, actionable--
       ``(i) cyber threat indicators;
       ``(ii) defensive measures;
       ``(iii) information about cybersecurity risks; and
       ``(iv) information about incidents;
       ``(D) provide SLTT entities notifications containing 
     specific incident and malware information that may affect 
     them or their residents;
       ``(E) provide to, and periodically update, SLTT entities 
     via an easily accessible platform and other means--
       ``(i) information about tools;
       ``(ii) information about products;
       ``(iii) resources;
       ``(iv) policies;
       ``(v) guidelines;
       ``(vi) controls; and
       ``(vii) other cybersecurity standards and best practices 
     and procedures related to information security, including, as 
     appropriate, information produced by other Federal agencies;
       ``(F) work with senior SLTT entity officials, including 
     chief information officers and senior election officials and 
     through national associations, to coordinate the effective 
     implementation by SLTT entities of tools, products, 
     resources, policies, guidelines, controls, and procedures 
     related to information security to secure the information 
     systems, including election systems, of SLTT entities;
       ``(G) provide operational and technical assistance to SLTT 
     entities to implement tools, products, resources, policies, 
     guidelines, controls, and procedures on information security;
       ``(H) assist SLTT entities in developing policies and 
     procedures for coordinating vulnerability disclosures 
     consistent with international and national standards in the 
     information technology industry; and
       ``(I) promote cybersecurity education and awareness through 
     engagements with Federal agencies and non-Federal entities.
       ``(q) Report.--Not later than 1 year after the date of 
     enactment of this subsection, and every 2 years thereafter, 
     the Secretary shall submit to the Committee on Homeland 
     Security and Governmental Affairs of the Senate and the 
     Committee on Homeland Security of the House of 
     Representatives a report on the services and capabilities 
     that the Agency directly and indirectly provides to SLTT 
     entities.''.
                                 ______