With two fresh bills having made their way through the House and Senate, the Biden Administration remains steadfast in its efforts to strengthen cybersecurity measures in the United States. The pair of bills – one of which aims to bolster coordination between state and local governments and the Cybersecurity and Infrastructure Security Agency (CISA) – echoes the urgency of other recent cybersecurity directives from the U.S. government. On the heels of the one-year anniversary of Biden’s Executive Order on cybersecurity, these initiatives bubble up to the same goal: strengthening the government against current and future cyber threats on multiple levels.
The State and Local Government Cybersecurity Act puts CISA at the helm of steering the National Cybersecurity and Communications Integrations Center (NCCIC), so that they can more effectively share with state and local governments the tools, procedures, policies, and products they use for security. Ultimately, this will strengthen communication across the board and improve the efficacy of the Multi-State Information Sharing and Analysis Center.
Ryan Cote, former CIO for the Department of Transportation and consultant to Invicti, explained why state and local governments need this new bill.
“The government has become the most targeted industry by threat actors,” Cote said. “This new cyber legislation, coupled with the recently passed S.3600 ‘Strengthening American Cybersecurity Act’ and the Federal funding allocated from the previously passed 2021 Infrastructure Bill, will continue to help improve the government’s response to these ever-increasing threats posed by cybercriminals.”
As agencies work to scale their cybersecurity efforts and prevent these wide-scale attacks – especially for web applications – we must clear the pathway for integrating security with new and existing technologies, processes, and workflows. Government entities require reliable protection that can evolve with their business needs as the threat landscape changes so that they’re confident in their level of threat protection.
“Due to a wide range of budgeting needs,” Cote elaborated, “It can be challenging for agencies to get the funding they need to invest in modern tooling and additional cyber talent. The Federal Emergency Management Agency (FEMA) cyber grant program, administered in consultation with the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, will solve some of this pressure by distributing $1 billion over four years to state and local governments.”
This Federal funding is available only to SLED constituents for the express purpose of helping state and local entities improve, shore up, and expand their current cyber capabilities. With these changes in the works, Cote noted that agencies must deploy those critical ransomware solutions, integrate application and DevSecOps tools, and implement cloud, network, and endpoint defenses to “rapidly fight the ever-growing threat posed by cyber bad actors and hackers.”
Fortifying the cybersecurity workforce
A second bill passed by President Biden, the Federal Rotational Cyber Workforce Program Act, is designed to facilitate a civilian personnel rotation program within federal agencies. The bill establishes a more formal process for allowing cybersecurity employees to move between agencies to develop more skills, help close knowledge gaps, and enhance information sharing.
As the talent shortage and skills gap in cybersecurity looms, the Federal Rotation Cyber Workforce Program Act is poised to help. The key goal is to enhance the nation’s federal cybersecurity workforce by opening doors to talent and offering new professional experiences for growth.
Retaining talent within the government is now mission-critical as there are over 700,000 unfilled cybersecurity roles in the United States, nearly 40,000 of which are in the public sector. Senator Jacky Rosen, one of the U.S. senators in support of the bill, stated back in May that the risk to national and economic security is real when it comes to the strength of the cybersecurity workforce.
“The shortage of U.S. cybersecurity professionals leaves our nation vulnerable to debilitating cyber attacks,” Rosen said. “As a former computer programmer, I know that in order to successfully protect our nation against a myriad of cyber threats, we must expand and strengthen our federal cyber workforce.”
As a former CIO for the Federal government, Ryan Cote is familiar with the roadblocks that can come with attracting and retaining cybersecurity professionals. He stated, “There simply isn’t enough cybersecurity talent on the market, and you’re constantly competing with other industries. Any additional incentives or professional development that agencies can offer is worth exploring.”
As the Biden Administration continues to fortify security processes and procedures for government agencies, we’re on hand to discuss what organizations of all sizes can do to keep pace with modern threats in cybersecurity. Learn more about how government agencies can modernize their application security program with our latest white paper on Zero Trust Architecture.