Governments across the world are starting to realize how important cybersecurity really is. The United States is currently working on legislation that would help protect state and local governments by appointing a cybersecurity leader for every state. These initiatives at the federal level coincided with a recent DHS warning of the strong potential for cyber attacks from Iran. Cybersecurity seems to be rising to the lips and pens of our legislative bodies of government.
United States’ Legislation from CyberHoot’s Home State: NH
The warning from the DHS certainly got everybody scrambling and looking for ways to secure their networks and systems. New Hampshire Senator Maggie Hassan introduced a bill known as the Cybersecurity State Coordinator Act of 2020, which, if passed, would require DHS to establish a cybersecurity state coordinator in every state across the nation. Maggie explained why she introduced this bill, stating:
“When New Hampshire’s Strafford County and Sunapee School District were hit by ransomware attacks this past year, officials had systems in place to mitigate damage,” Hassan said. “But as they made clear to me, the federal government needs to do more to ensure that state and local entities have the resources and training that they need to prevent and respond to cyberattacks.”
It is important that everyone, not only government entities such as schools, cities, and towns, have proper cybersecurity hygiene. This legislation, if passed, would be a strong step in the right direction. As currently drafted, this legislation would require the following responsibilities of the cybersecurity leader of every state:
- Building strategic relationships across Federal and non-Federal entities by advising on establishing governance structures to facilitate developing and maintaining secure and resilient infrastructure;
- Serving as a principal Federal cybersecurity risk advisor and coordinating between Federal and non-Federal entities to support preparation, response, and remediation efforts relating to cybersecurity risks and incidents;
- Facilitating the sharing of cyber threat information between Federal and non-Federal entities to improve understanding of cybersecurity risks and situational awareness of cybersecurity incidents;
- Raising awareness of the financial, technical, and operational resources available from the Federal Government to non-Federal entities to increase resilience against cyber threats;
- Supporting training, exercises, and planning for continuity of operations to expedite recovery from cybersecurity incidents, including ransomware;
- Serving as a principal point of contact for non-Federal entities to engage with the Federal Government on preparing, managing, and responding to cybersecurity incidents;
- Assisting non-Federal entities in developing and coordinating vulnerability disclosure programs consistent with Federal and information security industry standards; and
- Performing such other duties as necessary to achieve the goal of managing cybersecurity risks in the United States and reducing the impact of cyber threats to non-Federal entities.
Whoever fills the position will certainly have a lot of responsibilities as soon as they walk through the door, but the role will be needed to help improve the security of everyone in the state.
You can expect more legislation within the US focusing on helping public and private sectors shore up the systems we use to run our great nation. Increasing cybersecurity awareness and ensuring that threats are understood, vulnerabilities are mitigated, and strategic security plans and relationships are created will be crucial to protecting the US from cyber attack.
I’m an SMB Owner, what should I be doing?
SMB Owners should be building their own Cybersecurity Program to protect themselves from the onslaught of cyber-attacks. SMB owners need to:
- Govern employees with cybersecurity policies;
- Train employees on the types of attacks we all face and how to avoid them;
- Establish a Risk Management framework for identifying, prioritizing, and remediating risks;
- Evaluate your technology protections for when your governance and training aren’t followed and employees accidentally cause an issue.
CyberHoot is an excellent starting place to learn more about cybersecurity and how to combat the threats we all face from cyber attack.