Offensive Security Welcomes Cybersecurity Bills Signed into Law
On Tuesday, June 21, 2022, the White House announced that President Biden signed two crucial cybersecurity bills into law that will strengthen the federal government’s cyber workforce. These laws will increase cybersecurity cooperation between the federal, state, and local governments across the U.S.
The President signed into law S. 1097, the “Federal Rotational Cyber Workforce Program Act of 2021,” and S. 2520, the “State and Local Government Cybersecurity Act of 2021.”
The Federal Rotational Cyber Workforce Program Act of 2021 establishes a federal rotational cyber workforce program. This bill will enable federal cybersecurity employees to rotate through the various federal agencies to bolster those agencies’ cybersecurity capabilities and the U.S. government’s overall cybersecurity posture. Senate Homeland Security Chairman Sen. Gary Peters (D-MI), Sen. John Hoeven (R-ND), and Representatives Ro Khanna (D-CA) and Nancy Mace (R-SC) introduced the Federal Rotational Cyber Workforce Program Act originally.
The State and Local Government Cybersecurity Act of 2021 that the President signed into law requires the Department of Homeland Security (DHS) to increase collaboration with state, local, tribal, and territorial governments, corporations, associations, and the general public regarding cybersecurity issues. The “State and Local Government Cybersecurity Act of 2021” was introduced by Sens. Peters, Rob Portman (R-OH), Jacky Rosen (D-NV), and Representative Joe Neguse (D-CO).
“We advanced this legislation to improve career opportunities for cybersecurity professionals, including those in the private sector, who want to bring their expertise to the federal government. The personnel rotation program created by our bill will help ensure federal agencies can recruit and retain a skilled workforce that is better able to protect against and counter the threats we face,” said Senator Hoeven.
“Offensive Security is proud to support the Federal Rotational Cyber Workforce Program Act. We believe federal cybersecurity professionals will better understand how critical information systems in disparate departments function across government agencies,” stated Keith Peer, Head of Federal, Offensive Security. “In essence, this law advances the Offensive Security ‘Try Harder’ mindset that enhances federal cybersecurity employee skills and abilities,” Peer said.
“A strong national security posture is impossible without a strong cyber workforce. To effectively combat ongoing threats we must have highly skilled, federal IT professionals who can safeguard our networks,” said Senator Peters. “This new law will help ensure there is a pipeline of talented and qualified cybersecurity professionals who can protect our systems and prevent bad actors from stealing sensitive data and compromising national security,” he said.
The State and Local Government Cybersecurity Act of 2021 expands the Department of Homeland Security’s responsibilities through grants and cooperative agreements, including providing assistance and education related to cyber threat indicators, proactive and defensive measures, cybersecurity technologies, cybersecurity risks, vulnerabilities, incident response, and management, analysis, and warnings. The law requires the National Cybersecurity and Communications Integration Center, upon request, to coordinate with entities such as the Multi-State Information Sharing and Analysis Center to engage in specified activities, including:
- Conduct exercises with state, local, tribal, or territorial government entities;
- Provide operational and technical cybersecurity training to such entities; and
- Promote cybersecurity education and awareness.
State and local governments increasingly find themselves targeted by high-profile cyber-attacks, costing taxpayers millions of dollars and threatening the data privacy of millions of Americans. For example, last May, a cyber-attack hit the city of Tulsa, Oklahoma, exposing residents’ Social Security numbers. In recent years, the city of Florence, Alabama, paid hackers to unlock city computer systems, the city of New Orleans paid millions of dollars after a ransomware attack, and a hacker tried to poison the water supply of the city of Oldsmar, Florida.
“State and local governments have attractive systems and networks for cyber-criminals. These cyber-criminals may be working for nation-state-sponsored groups with unlimited resources with the motivation to cause panic, fear, and distrust in the federal, state, and local governments. As a result, municipalities, school districts, and critical infrastructure systems are attacked at a higher rate than ever before,” stated Peer. “We are excited to see The State and Local Government Cybersecurity Act become law. The legislation took a major step in strengthening the state, local, and federal government’s cybersecurity posture, and provides funding for the education and training of cybersecurity professionals to implement cooperation and protect systems from attack across governments,” Peer said.
Tags: cybersecurity training, government, law