[Congressional Record Volume 168, Number 7 (Tuesday, January 11, 2022)]
[Senate]
[Pages S161-S162]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




          STATE AND LOCAL GOVERNMENT CYBERSECURITY ACT OF 2021

  Mr. SCHUMER. Madam President, I ask unanimous consent that the Senate 
proceed to the immediate consideration of Calendar No. 152, S. 2520.
  The PRESIDING OFFICER. The clerk will report the bill by title.
  The legislative clerk read as follows:

       A bill (S. 2520) to amend the Homeland Security Act of 2002 
     to provide for engagements with State, local, Tribal, and 
     territorial governments, and for other purposes.

  There being no objection, the Senate proceeded to consider the bill, 
which had been reported from the Committee on Homeland Security and 
Governmental Affairs, with an amendment to strike all after the 
enacting clause and insert in lieu thereof the following:

       [propriate Federal departments and agencies for ensuring 
     the security and resiliency of civilian information systems; 
     and
       [``(J) promote cybersecurity education and awareness 
     through engagements with Federal and non-Federal entities.
       [``(q) Report.--Not later than 1 year after the date of 
     enactment of this subsection, and every 2 years thereafter, 
     the Secretary shall submit to the Committee on Homeland 
     Security and Governmental Affairs of the Senate and the 
     Committee on Homeland Security of the House of 
     Representatives a report on--
       [``(1) the status of cybersecurity measures that are in 
     place, and any gaps that exist, in each State and in the 
     largest urban areas of the United States;
       [``(2) the services and capabilities that the Agency 
     directly provides to governmental agencies or other 
     governmental entities; and
       [``(3) the services and capabilities that the Agency 
     indirectly provides to governmental agencies or other 
     governmental entities through an entity described in section 
     2201(4)(B).''.]

     SECTION 1. SHORT TITLE.

       This Act may be cited as the ``State and Local Government 
     Cybersecurity Act of 2021''.

     SEC. 2. AMENDMENTS TO THE HOMELAND SECURITY ACT OF 2002.

       Subtitle A of title XXII of the Homeland Security Act of 
     2002 (6 U.S.C. 651 et seq.) is amended--
       (1) in section 2201 (6 U.S.C. 651), by adding at the end 
     the following:
       ``(7) SLTT entity.--The term `SLTT entity' means a domestic 
     government entity that is a State government, local 
     government, Tribal government, territorial government, or any 
     subdivision thereof.''; and
       (2) in section 2209 (6 U.S.C. 659)--
       (A) in subsection (c)(6), by inserting ``operational and'' 
     before ``timely'';
       (B) in subsection (d)(1)(E), by inserting ``, including an 
     entity that collaborates with election officials,'' after 
     ``governments''; and
       (C) by adding at the end the following:
       ``(p) Coordination on Cybersecurity for SLTT Entities.--
       ``(1) Coordination.--The Center shall, upon request and to 
     the extent practicable, and in coordination as appropriate 
     with Federal and non-Federal entities, such as the Multi-
     State Information Sharing and Analysis Center--
       ``(A) conduct exercises with SLTT entities;
       ``(B) provide operational and technical cybersecurity 
     training to SLTT entities to address cybersecurity risks or 
     incidents, with or without reimbursement, related to--
       ``(i) cyber threat indicators;
       ``(ii) defensive measures;
       ``(iii) cybersecurity risks;
       ``(iv) vulnerabilities; and
       ``(v) incident response and management;
       ``(C) in order to increase situational awareness and help 
     prevent incidents, assist SLTT entities in sharing, in real 
     time, with the Federal Government as well as among SLTT 
     entities, actionable--
       ``(i) cyber threat indicators;
       ``(ii) defensive measures;
       ``(iii) information about cybersecurity risks; and
       ``(iv) information about incidents;
       ``(D) provide SLTT entities notifications containing 
     specific incident and malware information that may affect 
     them or their residents;
       ``(E) provide to, and periodically update, SLTT entities 
     via an easily accessible platform and other means--
       ``(i) information about tools;
       ``(ii) information about products;
       ``(iii) resources;
       ``(iv) policies;
       ``(v) guidelines;
       ``(vi) controls; and
       ``(vii) other cybersecurity standards and best practices 
     and procedures related to information security;
       ``(F) work with senior SLTT entity officials, including 
     chief information officers and senior election officials and 
     through national associations, to coordinate the effective 
     implementation

[[Page S162]]

     by SLTT entities of tools, products, resources, policies, 
     guidelines, controls, and procedures related to information 
     security to secure the information systems, including 
     election systems, of SLTT entities;
       ``(G) provide operational and technical assistance to SLTT 
     entities to implement tools, products, resources, policies, 
     guidelines, controls, and procedures on information security;
       ``(H) assist SLTT entities in developing policies and 
     procedures for coordinating vulnerability disclosures 
     consistent with international and national standards in the 
     information technology industry; and
       ``(I) promote cybersecurity education and awareness through 
     engagements with Federal agencies and non-Federal entities.
       ``(q) Report.--Not later than 1 year after the date of 
     enactment of this subsection, and every 2 years thereafter, 
     the Secretary shall submit to the Committee on Homeland 
     Security and Governmental Affairs of the Senate and the 
     Committee on Homeland Security of the House of 
     Representatives a report on the services and capabilities 
     that the Agency directly and indirectly provides to SLTT 
     entities.''.

  Mr. SCHUMER. I ask unanimous consent that the committee-reported 
substitute amendment be withdrawn; that the Peters substitute 
amendment, which is at the desk, be considered and agreed to; that the 
bill, as amended, be considered read a third time and passed; and that 
the motion to reconsider be considered made and laid upon the table.
  The PRESIDING OFFICER. Without objection, it is so ordered.
  The committee-reported amendment in the nature of a substitute was 
withdrawn.
  The amendment (No. 4898), in the nature of a substitute, was agreed 
to, as follows:

                (Purpose: In the nature of a substitute)

        Strike all after the enacting clause and insert the 
     following:

     SECTION 1. SHORT TITLE.

       This Act may be cited as the ``State and Local Government 
     Cybersecurity Act of 2021''.

     SEC. 2. AMENDMENTS TO THE HOMELAND SECURITY ACT OF 2002.

       Subtitle A of title XXII of the Homeland Security Act of 
     2002 (6 U.S.C. 651 et seq.) is amended--
       (1) in section 2201 (6 U.S.C. 651), by adding at the end 
     the following:
       ``(7) SLTT entity.--The term `SLTT entity' means a domestic 
     government entity that is a State government, local 
     government, Tribal government, territorial government, or any 
     subdivision thereof.''; and
       (2) in section 2209 (6 U.S.C. 659)--
       (A) in subsection (c)(6), by inserting ``operational and'' 
     before ``timely'';
       (B) in subsection (d)(1)(E), by inserting ``, including an 
     entity that collaborates with election officials,'' after 
     ``governments''; and
       (C) by adding at the end the following:
       ``(p) Coordination on Cybersecurity for SLTT Entities.--
       ``(1) Coordination.--The Center shall, upon request and to 
     the extent practicable, and in coordination as appropriate 
     with Federal and non-Federal entities, such as the Multi-
     State Information Sharing and Analysis Center--
       ``(A) conduct exercises with SLTT entities;
       ``(B) provide operational and technical cybersecurity 
     training to SLTT entities to address cybersecurity risks or 
     incidents, with or without reimbursement, related to--
       ``(i) cyber threat indicators;
       ``(ii) defensive measures;
       ``(iii) cybersecurity risks;
       ``(iv) vulnerabilities; and
       ``(v) incident response and management;
       ``(C) in order to increase situational awareness and help 
     prevent incidents, assist SLTT entities in sharing, in real 
     time, with the Federal Government as well as among SLTT 
     entities, actionable--
       ``(i) cyber threat indicators;
       ``(ii) defensive measures;
       ``(iii) information about cybersecurity risks; and
       ``(iv) information about incidents;
       ``(D) provide SLTT entities notifications containing 
     specific incident and malware information that may affect 
     them or their residents;
       ``(E) provide to, and periodically update, SLTT entities 
     via an easily accessible platform and other means--
       ``(i) information about tools;
       ``(ii) information about products;
       ``(iii) resources;
       ``(iv) policies;
       ``(v) guidelines;
       ``(vi) controls; and
       ``(vii) other cybersecurity standards and best practices 
     and procedures related to information security, including, as 
     appropriate, information produced by other Federal agencies;
       ``(F) work with senior SLTT entity officials, including 
     chief information officers and senior election officials and 
     through national associations, to coordinate the effective 
     implementation by SLTT entities of tools, products, 
     resources, policies, guidelines, controls, and procedures 
     related to information security to secure the information 
     systems, including election systems, of SLTT entities;
       ``(G) provide operational and technical assistance to SLTT 
     entities to implement tools, products, resources, policies, 
     guidelines, controls, and procedures on information security;
       ``(H) assist SLTT entities in developing policies and 
     procedures for coordinating vulnerability disclosures 
     consistent with international and national standards in the 
     information technology industry; and
       ``(I) promote cybersecurity education and awareness through 
     engagements with Federal agencies and non-Federal entities.
       ``(q) Report.--Not later than 1 year after the date of 
     enactment of this subsection, and every 2 years thereafter, 
     the Secretary shall submit to the Committee on Homeland 
     Security and Governmental Affairs of the Senate and the 
     Committee on Homeland Security of the House of 
     Representatives a report on the services and capabilities 
     that the Agency directly and indirectly provides to SLTT 
     entities.''.

  The bill (S. 2520), as amended, was ordered to be engrossed for a 
third reading, was read the third time, and passed.

                          ____________________