- A bipartisan, bicameral bill introduced this week would create a grant program in the Department of Homeland Security (DHS) to help states develop and implement cyber resilience measures in response to the growing threat of cyber attacks.
- The grants would be available for efforts including strengthening computer networks, identifying cyber threats, mitigating damage in a potential attack or recovering from a cyber attack. The bill also contains language to help recruit and retain cybersecurity workers. No dollar amount is specified in the bill.
- The bill was introduced by U.S. Sens. Cory Gardner, R-CO, and Mark Warner, D-VA, and Reps. Derek Kilmer, D-WA, and Michael McCaul, R-TX.
Cyber attacks have crippled governments in cities like Baltimore; Allentown, PA and Medford, OR. Last spring, a high-profile ransomware attack in Atlanta caused outages across the city’s digital systems, forcing city officials to abandon their computers for work in the weeks after the attack and wiping digital records.
Despite that, public funding has not kept up with the threat in many local and state governments. A 2018 Deloitte-NASCIO survey of 50 state officials in charge of information security found that budgeting was the biggest barrier states face in addressing cybersecurity threats. Nearly half of the respondents said their state did not have a separate cybersecurity budget line, and overall most states allocate between 0% and 3% of their IT budgets to cybersecurity.
"As cyberattacks increase in frequency and gravity, we must ensure that our nation — from our local governments on up — is adequately prepared to protect public safety and combat cyber threats," Warner said in a statement. "This bill will aim to mitigate that need by providing grants to state and local jurisdictions so that they are better prepared to take on these emerging challenges."
The grant funding and cyber workforce support could help more cities follow the lead of Los Angeles, which opened a cybersecurity lab last year, and New York City, which has pledged $100 million from the government and private partners in order to foster cybersecurity training and fund degree programs at universities.