President Biden Signs Two Cybersecurity Bills

Written By Haley Metteauer

On June 21, 2022, President Biden signed the State and Local Government Cybersecurity Act of 2021 (“S. 2520” or the “Cybersecurity Act”) and the Federal Rotational Cyber Workforce Program Act (“S. 1097 or the “Cyber Workforce Program Act”) into law.

These two bills are intended to enhance the cybersecurity efforts of federal, state, and local governments.

The Cybersecurity Act amends the Homeland Security Act of 2002 to:

  • provide better collaborative efforts relating to cybersecurity between “the U.S. Department of Homeland Security (“DHS”) and state, local, tribal and territorial governments, as well as corporations, associations and the general public”;

  • expand DHS responsibilities “though grants and cooperative agreements”; and

  • require the National Cybersecurity and Communications Integration Center (“NCCIC”), upon request, to coordinate with entities like the Multi-State Information Sharing and Analysis Center to:

    • conduct cybersecurity exercises for federal, state, and local governments;

    • provide federal, state, and local governments operational and technical cybersecurity training relating to:

      • cyber threat indicators;

      • defensive measures;

      • cybersecurity risks;

      • vulnerabilities; and

      • incident response and management[.]”

    • assist federal, state, and local governments “in sharing, in real time,” with the Federal Government actionable “cyber threat indicators, defensive measures, information about cybersecurity risks, and information about incidents”; and

    • promote cybersecurity education and awareness.

  • require the Secretary to report, “[n]ot later than 1 year after the date of enactment” of the Cybersecurity Act and “every 2 years thereafter” to the Committee on Homeland Security and Governmental Affairs of the Senate and the Committee on Homeland.”

The Cyber Workforce Program Act:

  • requires that the Director establish “a rotational cyber workforce program” operating plan that outlines “policies, processes, and procedures for a program for the detailing of employees among rotational cyber workforce positions at agencies”; and

  • requires the Comptroller General of the United States to “submit to Congress a report assessing the operation and effectiveness of the rotational cyber workforce program.”

Haley Metteauer
Previous

Forecast: Regulatory Priorities for Cybersecurity
Next

Considerations for the Use of AI in Data Privacy