[Congressional Record Volume 168, Number 83 (Monday, May 16, 2022)]
[House]
[Pages H4978-H4979]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




          STATE AND LOCAL GOVERNMENT CYBERSECURITY ACT OF 2021

  Mr. MALINOWSKI. Mr. Speaker, I move to suspend the rules and pass the 
bill (S. 2520) to amend the Homeland Security Act of 2002 to provide 
for engagements with State, local, Tribal, and territorial governments, 
and for other purposes.
  The Clerk read the title of the bill.
  The text of the bill is as follows:

                                S. 2520

       Be it enacted by the Senate and House of Representatives of 
     the United States of America in Congress assembled,

     SECTION 1. SHORT TITLE.

       This Act may be cited as the ``State and Local Government 
     Cybersecurity Act of 2021''.

     SEC. 2. AMENDMENTS TO THE HOMELAND SECURITY ACT OF 2002.

       Subtitle A of title XXII of the Homeland Security Act of 
     2002 (6 U.S.C. 651 et seq.) is amended--
       (1) in section 2201 (6 U.S.C. 651), by adding at the end 
     the following:
       ``(7) SLTT entity.--The term `SLTT entity' means a domestic 
     government entity that is a State government, local 
     government, Tribal government, territorial government, or any 
     subdivision thereof.''; and
       (2) in section 2209 (6 U.S.C. 659)--
       (A) in subsection (c)(6), by inserting ``operational and'' 
     before ``timely'';
       (B) in subsection (d)(1)(E), by inserting ``, including an 
     entity that collaborates with election officials,'' after 
     ``governments''; and
       (C) by adding at the end the following:
       ``(p) Coordination on Cybersecurity for SLTT Entities.--
       ``(1) Coordination.--The Center shall, upon request and to 
     the extent practicable, and in coordination as appropriate 
     with Federal and non-Federal entities, such as the Multi-
     State Information Sharing and Analysis Center--
       ``(A) conduct exercises with SLTT entities;
       ``(B) provide operational and technical cybersecurity 
     training to SLTT entities to address cybersecurity risks or 
     incidents, with or without reimbursement, related to--
       ``(i) cyber threat indicators;
       ``(ii) defensive measures;
       ``(iii) cybersecurity risks;
       ``(iv) vulnerabilities; and
       ``(v) incident response and management;
       ``(C) in order to increase situational awareness and help 
     prevent incidents, assist SLTT entities in sharing, in real 
     time, with the Federal Government as well as among SLTT 
     entities, actionable--
       ``(i) cyber threat indicators;
       ``(ii) defensive measures;
       ``(iii) information about cybersecurity risks; and
       ``(iv) information about incidents;
       ``(D) provide SLTT entities notifications containing 
     specific incident and malware information that may affect 
     them or their residents;
       ``(E) provide to, and periodically update, SLTT entities 
     via an easily accessible platform and other means--
       ``(i) information about tools;
       ``(ii) information about products;
       ``(iii) resources;
       ``(iv) policies;
       ``(v) guidelines;
       ``(vi) controls; and
       ``(vii) other cybersecurity standards and best practices 
     and procedures related to information security, including, as 
     appropriate, information produced by other Federal agencies;
       ``(F) work with senior SLTT entity officials, including 
     chief information officers and senior election officials and 
     through national associations, to coordinate the effective 
     implementation by SLTT entities of tools, products, 
     resources, policies, guidelines, controls, and procedures 
     related to information security to secure the information 
     systems, including election systems, of SLTT entities;
       ``(G) provide operational and technical assistance to SLTT 
     entities to implement tools, products, resources, policies, 
     guidelines, controls, and procedures on information security;
       ``(H) assist SLTT entities in developing policies and 
     procedures for coordinating vulnerability disclosures 
     consistent with international and national standards in the 
     information technology industry; and
       ``(I) promote cybersecurity education and awareness through 
     engagements with Federal agencies and non-Federal entities.
       ``(q) Report.--Not later than 1 year after the date of 
     enactment of this subsection, and every 2 years thereafter, 
     the Secretary shall submit to the Committee on Homeland 
     Security and Governmental Affairs of the Senate and the 
     Committee on Homeland Security of the House of 
     Representatives a report on the services and capabilities 
     that the Agency directly and indirectly provides to SLTT 
     entities.''.
  The SPEAKER pro tempore. Pursuant to the rule, the gentleman from New 
Jersey (Mr. Malinowski) and the gentleman from Kansas (Mr. LaTurner) 
each will control 20 minutes.
  The Chair recognizes the gentleman from New Jersey.


                             General Leave

  Mr. MALINOWSKI. Mr. Speaker, I ask unanimous consent that all Members 
may have 5 legislative days to revise and extend their remarks and to 
include extraneous material on this measure.
  The SPEAKER pro tempore. Is there objection to the request of the 
gentleman from New Jersey?
  There was no objection.
  Mr. MALINOWSKI. Mr. Speaker, I yield myself such time as I may 
consume.
  Mr. Speaker, in recent months the world has watched in horror as 
Russia launched its unprovoked and illegal invasion of Ukraine. 
Russia's actions have, once again, reminded us of the potential for 
cyberattacks on critical infrastructure here in the United States.
  With State and local governments operating large amounts of critical 
infrastructure, including essential public services like schools, 
emergency response agencies, and water utilities, it is essential that 
State and local governments have strong cybersecurity practices.
  In March, in response to the current threat landscape, President 
Biden sent a letter to the Nation's Governors urging them to take 
actions to enhance their cyber defenses. The Federal Government must 
continue to expand our partnerships with States as they carry out this 
important national security work.
  Congress has already taken some critical steps in this effort this 
Congress, thanks to the leadership of my colleagues on the Homeland 
Security Committee. Last year, the House passed Congresswoman Yvette 
Clarke's State and Local Cybersecurity Improvement Act which created a 
new grant program to assist State, local, Tribal, and territorial 
Governments with strengthening their cybersecurity. This legislation 
was signed by President Biden in the fall as part of the bipartisan 
infrastructure law and will provide $1 billion in much-needed help over 
the next 4 years.
  Additionally, last year, Congress passed the K-12 Cybersecurity Act 
introduced by Senator Peters and Congressman Langevin. That bill 
directs the Cybersecurity and Infrastructure Security Agency to study 
the cyber risks posed to K-12 educational institutions and provide them 
with additional resources to better defend themselves.
  Right now, I am proud to be working on a bipartisan basis with 
Senators Peters and Cornyn, and my Homeland Security Committee 
colleague Representative Garbarino, on the Satellite Cybersecurity Act, 
urgently needed legislation to better protect critical infrastructure 
used at the municipal, State, and Federal level that relies on 
commercial satellite data to work properly.
  Passing S. 2520 will build on these efforts by further strengthening 
the relationship between DHS and State and local Governments as they 
work to defend our country against cyberattacks. More specifically, it 
would permit DHS to provide State and local Governments with access to 
cybersecurity resources and encourage collaboration in using these 
resources, including joint cybersecurity exercises.

                              {time}  1430

  Additionally, the bill will strengthen the relationship between DHS 
and the Multi State Information Sharing and Analysis Center to help 
State and local governments receive the most updated information 
regarding potential threats and gain access to greater technical 
assistance.
  I thank Senators Peters and Portman for their leadership in 
introducing this bill, I urge my colleagues to support the legislation, 
and I reserve the balance of my time.
  Mr. LaTURNER. Mr. Speaker, I yield myself such time as I may consume.

[[Page H4979]]

  Mr. Speaker, I rise today in support of S. 2520, the State and Local 
Government Cybersecurity Act of 2021.
  Today, State and local governments are not in the position to defend 
their networks against cyberattacks from sophisticated foreign 
adversaries or cybercriminals. State and local governments are rich 
targets for cyber adversaries, and the frequency of attacks is only 
accelerating as budgets are increasingly constrained.
  The Federal Government needs to redouble their efforts to support 
State, local, Tribal, and territorial government entities to bolster 
their cybersecurity posture.
  To help remedy this, this bill amends the Homeland Security Act of 
2002 to provide for engagements with SLTT entities to increase Federal 
support and information sharing.
  Additionally, the bill expands DHS' responsibilities concerning 
grants and cooperative agreements. The bill also provides DHS the 
ability to coordinate with SLTT entities to conduct exercises, provide 
technical and operational cybersecurity training, as well as promote 
cybersecurity education and awareness.
  S. 2520 will help shore up SLTT vulnerabilities against malicious 
cyberattackers and will go a long way to strengthen our more localized 
entities that are closer to the everyday American.
  I urge Members to join me in supporting S. 2520, and I yield back the 
balance of my time.
  Mr. MALINOWSKI. Mr. Speaker, I yield myself the balance of my time.
  Mr. Speaker, we rely on State and local governments for some of our 
most basic and necessary public services. We have seen many communities 
across the country experience disruptions in those vital services due 
to ransomware attacks originating from Russia.
  In this current threat environment, with a heightened risk of even 
more dangerous cyberattacks, S. 2520 would enhance DHS's collaboration 
with State and local governments in addressing this pressing national 
security threat.
  By passing this bill and sending it to the President, we will 
continue our ongoing efforts to expand critical Federal cybersecurity 
assistance to State and local governments.
  Mr. Speaker, I urge my colleagues to support S. 2520, and I yield 
back the balance of my time.
  The SPEAKER pro tempore. The question is on the motion offered by the 
gentleman from New Jersey (Mr. Malinowski) that the House suspend the 
rules and pass the bill, S. 2520.
  The question was taken.
  The SPEAKER pro tempore. In the opinion of the Chair, two-thirds 
being in the affirmative, the ayes have it.
  Mr. BISHOP of North Carolina. Mr. Speaker, on that I demand the yeas 
and nays.
  The SPEAKER pro tempore. Pursuant to section 3(s) of House Resolution 
8, the yeas and nays are ordered.
  Pursuant to clause 8 of rule XX, further proceedings on this motion 
are postponed.

                          ____________________