H.R. 3869, State and Local Cyber Protection Act of 2015, as amended

H.R. 3869

State and Local Cyber Protection Act of 2015, as amended

Sponsor
Rep. Will Hurd

Date
December 10, 2015 (114th Congress, 1st Session)

Staff Contact
Communications

Floor Situation

On Thursday, December 10, 2015, the House will consider H.R. 3869, the State and Local Cyber Protection Act of 2015, as amended, under suspension of the rules.  H.R. 3869 was introduced on November 2, 2015 by Rep. Will Hurd (R-TX) and was referred to the Committee on Homeland Security, which ordered the bill reported by voice vote on November 4, 2015.

Bill Summary

H.R. 3869 directs the National Cybersecurity and Communications Integration Center (NCCIC) at the Department of Homeland Security (DHS) to coordinate with state and local governments, and at their request, provide assistance to help secure their information systems.

Specifically, the NCCIC would, to the extent practicable, be required to:

  • Assist state and local governments, upon request, in identifying information system vulnerabilities and information security protections commensurate with cybersecurity risks;
  • Consult with state and local governments and develop and periodically update a web portal to communicate available tools for state and local governments to utilize,
  • Provide voluntary technical training for state and local cybersecurity analysts;
  • Work with state and local government officials to implement effective cybersecurity tools;
  • Provide privacy and civil liberties training to state and local government officials; and,
  • Inform state and local officials about cybersecurity best practices.

The bill also requires NCCIC, not later than two years after enactment, to provide Congress with information on the effectiveness of the activities required by the bill, incorporating feedback from state and local stakeholders.

Background

The National Cybersecurity and Communications Integration Center (NCCIC) within the Department of Homeland Security “shares information among public and private sector partners to build awareness of vulnerabilities, incidents, and mitigations. Cyber and industrial control systems users can subscribe to information products, feeds, and services at no cost.”[1]  The Center serves as an around-the-clock centralized location for the coordination and integration of cyber situational awareness and management.  NCCIC partners include: all Federal departments and agencies; State, local, Tribal, and territorial governments; the private sector; and intergovernmental entities.

NCCIC provides its partners with enhanced situational awareness of cybersecurity incidents and risks, as well as information to manage cyber vulnerabilities, threats, and incidents.  In 2014, NCCIC received more than 97,000 incident reports, and issued nearly 12,000 actionable cyber-alerts or warnings.  NCCIC teams detected more than 64,000 significant vulnerabilities on Federal and non-Federal systems and directly responded to 115 significant cyber incidents last year.[2]

H.R. 3869 is designed to enhance state and local government access to federal resources when it comes to securing their digital information systems.  According to the bill sponsor, “state and local governments often do not have access to adequate personnel or technical cybersecurity resources. [. . .] This is common-sense legislation that strengthens our nation’s cyber posture at every level of government.”[3]

______________________
[1] http://www.dhs.gov/national-cybersecurity-communications-integration-center
[2] See testimony of the Honorable Suzanne E. Spaulding, Under Secretary, National Protection and Programs Directorate, U.S. Department of Homeland Security, at 2, before the House Committee on Homeland Security.  February 25, 2015.
[3] See Press Release—“Hurd Introduces Bill to Bolster State and Local Government Cybersecurity,” November 2, 2015.

Cost

A Congressional Budget Office (CBO) cost estimate is currently unavailable.

Additional Information

For questions or further information please contact Jerry White with the House Republican Policy Committee by email or at 5-0190.