skip to main content

S. 2520: State and Local Government Cybersecurity Act of 2021


The text of the bill below is as of May 13, 2022 (Preprint (Suspension)).


IC




                                                                       117TH CONGRESS
                                                                          2D SESSION
                                                                                                               S. 2520

                                                                                     IN THE HOUSE OF REPRESENTATIVES
                                                                                                               JANUARY 18, 2022
                                                                                                Referred to the Committee on Homeland Security




                                                                                                                AN ACT
                                                                       To amend the Homeland Security Act of 2002 to provide
                                                                          for engagements with State, local, Tribal, and territorial
                                                                          governments, and for other purposes.

                                                                         1              Be it enacted by the Senate and House of Representa-
                                                                         2 tives of the United States of America in Congress assembled,
kjohnson on DSK79L0C42PROD with BILLS




                                        VerDate Sep 11 2014   23:50 Jan 18, 2022   Jkt 029200    PO 00000   Frm 00001   Fmt 6652   Sfmt 6201   E:\BILLS\S2520.RFH   S2520

2 1 SECTION 1. SHORT TITLE. 2 This Act may be cited as the ‘‘State and Local Gov- 3 ernment Cybersecurity Act of 2021’’. 4 SEC. 2. AMENDMENTS TO THE HOMELAND SECURITY ACT 5 OF 2002. 6 Subtitle A of title XXII of the Homeland Security 7 Act of 2002 (6 U.S.C. 651 et seq.) is amended— 8 (1) in section 2201 (6 U.S.C. 651), by adding 9 at the end the following: 10 ‘‘(7) SLTT ENTITY.—The term ‘SLTT entity’ 11 means a domestic government entity that is a State 12 government, local government, Tribal government, 13 territorial government, or any subdivision thereof.’’; 14 and 15 (2) in section 2209 (6 U.S.C. 659)— 16 (A) in subsection (c)(6), by inserting 17 ‘‘operational and’’ before ‘‘timely’’; 18 (B) in subsection (d)(1)(E), by inserting ‘‘, 19 including an entity that collaborates with elec- 20 tion officials,’’ after ‘‘governments’’; and 21 (C) by adding at the end the following: 22 ‘‘(p) COORDINATION ON CYBERSECURITY FOR SLTT 23 ENTITIES.— 24 ‘‘(1) COORDINATION.—The Center shall, upon kjohnson on DSK79L0C42PROD with BILLS 25 request and to the extent practicable, and in coordi- 26 nation as appropriate with Federal and non-Federal S 2520 RFH VerDate Sep 11 2014 23:50 Jan 18, 2022 Jkt 029200 PO 00000 Frm 00002 Fmt 6652 Sfmt 6201 E:\BILLS\S2520.RFH S2520
3 1 entities, such as the Multi-State Information Shar- 2 ing and Analysis Center— 3 ‘‘(A) conduct exercises with SLTT entities; 4 ‘‘(B) provide operational and technical cy- 5 bersecurity training to SLTT entities to ad- 6 dress cybersecurity risks or incidents, with or 7 without reimbursement, related to— 8 ‘‘(i) cyber threat indicators; 9 ‘‘(ii) defensive measures; 10 ‘‘(iii) cybersecurity risks; 11 ‘‘(iv) vulnerabilities; and 12 ‘‘(v) incident response and manage- 13 ment; 14 ‘‘(C) in order to increase situational aware- 15 ness and help prevent incidents, assist SLTT 16 entities in sharing, in real time, with the Fed- 17 eral Government as well as among SLTT enti- 18 ties, actionable— 19 ‘‘(i) cyber threat indicators; 20 ‘‘(ii) defensive measures; 21 ‘‘(iii) information about cybersecurity 22 risks; and 23 ‘‘(iv) information about incidents; kjohnson on DSK79L0C42PROD with BILLS S 2520 RFH VerDate Sep 11 2014 23:50 Jan 18, 2022 Jkt 029200 PO 00000 Frm 00003 Fmt 6652 Sfmt 6201 E:\BILLS\S2520.RFH S2520
4 1 ‘‘(D) provide SLTT entities notifications 2 containing specific incident and malware infor- 3 mation that may affect them or their residents; 4 ‘‘(E) provide to, and periodically update, 5 SLTT entities via an easily accessible platform 6 and other means— 7 ‘‘(i) information about tools; 8 ‘‘(ii) information about products; 9 ‘‘(iii) resources; 10 ‘‘(iv) policies; 11 ‘‘(v) guidelines; 12 ‘‘(vi) controls; and 13 ‘‘(vii) other cybersecurity standards 14 and best practices and procedures related 15 to information security, including, as ap- 16 propriate, information produced by other 17 Federal agencies; 18 ‘‘(F) work with senior SLTT entity offi- 19 cials, including chief information officers and 20 senior election officials and through national as- 21 sociations, to coordinate the effective implemen- 22 tation by SLTT entities of tools, products, re- 23 sources, policies, guidelines, controls, and proce- 24 dures related to information security to secure kjohnson on DSK79L0C42PROD with BILLS S 2520 RFH VerDate Sep 11 2014 23:50 Jan 18, 2022 Jkt 029200 PO 00000 Frm 00004 Fmt 6652 Sfmt 6201 E:\BILLS\S2520.RFH S2520
5 1 the information systems, including election sys- 2 tems, of SLTT entities; 3 ‘‘(G) provide operational and technical as- 4 sistance to SLTT entities to implement tools, 5 products, resources, policies, guidelines, con- 6 trols, and procedures on information security; 7 ‘‘(H) assist SLTT entities in developing 8 policies and procedures for coordinating vulner- 9 ability disclosures consistent with international 10 and national standards in the information tech- 11 nology industry; and 12 ‘‘(I) promote cybersecurity education and 13 awareness through engagements with Federal 14 agencies and non-Federal entities. 15 ‘‘(q) REPORT.—Not later than 1 year after the date 16 of enactment of this subsection, and every 2 years there- 17 after, the Secretary shall submit to the Committee on 18 Homeland Security and Governmental Affairs of the Sen- 19 ate and the Committee on Homeland Security of the 20 House of Representatives a report on the services and kjohnson on DSK79L0C42PROD with BILLS S 2520 RFH VerDate Sep 11 2014 23:50 Jan 18, 2022 Jkt 029200 PO 00000 Frm 00005 Fmt 6652 Sfmt 6201 E:\BILLS\S2520.RFH S2520
6 1 capabilities that the Agency directly and indirectly pro- 2 vides to SLTT entities.’’. Passed the Senate January 11 (legislative day, Jan- uary 10), 2022. Attest: SONCERIA ANN BERRY, Secretary. kjohnson on DSK79L0C42PROD with BILLS S 2520 RFH VerDate Sep 11 2014 23:50 Jan 18, 2022 Jkt 029200 PO 00000 Frm 00006 Fmt 6652 Sfmt 6201 E:\BILLS\S2520.RFH S2520