2017-04-17 National Governors Association

State Cyber Resiliency Act

The Honorable Mark Warner
U.S. Senate
703 Hart Senate Office Building
Washington, DC 20510

The Honorable Cory Gardner
U.S. Senate
354 Russell Senate Office Building
Washington, DC 20510

The Honorable Derek Kilmer
U.S. House of Representatives
1520 Longworth House Office Building
Washington, D.C. 20515

The Honorable Barbara Comstock
U.S. House of Representatives
229 Cannon House Office Building
Washington, D.C. 20515

Dear Sens. Warner and Gardner and Reps. Kilmer and Comstock,

On behalf of the nation’s states, cities, and counties, we write to thank you and express our support for the strong intergovernmental partnership behind the State Cyber Resiliency Act (S.516 and H.R.1134). These bills would strengthen the nation’s cybersecurity posture through state and local cybersecurity grants administered by the U.S. Department of Homeland Security (DHS).

The growing number of attacks on our cyber networks has become one of the most serious economic and national security threats our nation faces. These attacks continue to increase in sophistication and state and local governments are at considerable risk of cyberattacks. Ransomware has had a particularly crippling effect on local governments, and state governments have seen a dramatic increase in hacktivism. States and localities are stretching finite public safety and information technology budgets to meet these new threats to critical infrastructure, sensitive databases, and public infrastructure.

In response, the majority of states now have established and approved cybersecurity strategies or plans to tackle the threats to their governments. According to the 2016 Deloitte-NASCIO Cybersecurity Study, there is a direct correlation between having an established cybersecurity strategy and obtaining more full-time staff dedicated to cybersecurity as well as year-over-year budget increases.  Additionally, since the inception of the Deloitte-NASCIO Cybersecurity Study, the top barrier cited by state chief information security officers has been insufficient funding (80% in 2016). The State Cyber Resiliency Act attempts to mitigate the funding challenge while also promoting best practices.

For these reasons, the National Governors Association (NGA), the National Association of State Chief Information Officers (NASCIO), the National League of Cities (NLC), and the National Association of Counties (NACo) applaud the introduction of this legislation. The new grant program authorized by the State Cyber Resiliency Act would prioritize best practices at all levels of government and help participating state and local governments coordinate resources, better respond to threats, and plan for a strong and resilient cyber future. It also ensures that funds are spent wisely, by requiring that participating states have an approved statewide cyber resiliency plan and that at least half of grant funds are distributed to local and tribal governments.

Thank you for your leadership on this issue. We look forward to our continued partnership. If you have any questions, please do not hesitate to contact any of our staff: Anna Davis (NGA) at adavis@NGA.org,  Yejin Cooke (NASCIO) at ycooke@NASCIO.org; Angelina Panettieri (NLC) at panettieri@NLC.org; or Jacob Terrell at jterrell@NACo.org.

Sincerely,

Scott Pattison
National Governors Association

Doug Robinson
NASCIO Executive Director

Clarence Anthony
NLC Executive Director

Matthew D. Chase
NACo Executive Director