
Three Recent Cybersecurity Bills From Congress

The United States Congress has recently enacted three new cybersecurity bills to combat the rising number of attacks against federal, state, and local agencies. Attacks from advanced persistent threats (APTs) and nation-state-backed threat actors, as well as less well-known attackers, have cost billions of dollars, threatened national security, caused disruptions in the supply chain, and exposed millions of records. 

With a workforce heavily reduced by the pandemic, the government's defenders have found it challenging to keep securing the nation's data and infrastructure against these attacks, or to enhance the protections already in place. With a finite number of cybersecurity professionals and a large amount of work to be accomplished, the threat to the continued operation of governmental agencies cannot be ignored.

What Happened

The legislation that Congress has been working on is designed to spread the information gathered by one group or agency to the much larger circle of cybersecurity practitioners, making it possible to expedite mitigation of, or recovery from, attacks that tend to affect the majority of them. Reducing the time to resolve problems, and avoiding them where possible, enhances overall security for all involved.

Training, collaboration, and having the right people in the right place at the right time are the most effective ways to ensure that an organization can stop cyberattacks before they happen or mitigate their results. Congress is tasked with legislating how some of those efforts are made a reality through the bills it passes and the investigations it conducts.

In that vein, the three laws are:

  • The “Supply Chain Security Training Act of 2021” became public law on the 16th of June this year. This law speaks to training officials responsible for the risk management functions around supply chain management within federal agencies across all three branches of government, specifically throughout the acquisition life cycle for information and communications technology.
  • More recently, the “State and Local Government Cybersecurity Act of 2021” was also signed into law. On June 21, 2022, President Biden signed the act, allowing the Department of Homeland Security (DHS) to collaborate with state, local, tribal, and territorial governments. The law also fosters collaboration between agencies, corporations, associations, and the general public. With enhanced communication and collaboration, all groups involved can use lessons learned from one another to reduce the time between the discovery of problems and their resolution.
  • The House has passed the “Federal Rotational Cyber Workforce Program Act of 2021” to allow some federal employees to move from agency to agency, so that personnel can go where they are needed. This reduces the need to immediately enter into a hiring process that can take months or even years to complete, and makes a cross-agency pool of expertise available.

A continual escalation of attacks against the government, businesses, and individuals requires constant and effective efforts to counter it. Each of the above bills is an example of these efforts by the federal government to stem the influx of malware, halt data theft, and limit harassment by threat actors of all types. Each, in its own way, tries to foster a better understanding of the attacks being committed and attempts to bring the appropriate measures to bear against them.

How Will This Affect You?

While each bill has a targeted audience, the overall goal is to improve and enhance the cybersecurity capabilities of our government and civil sectors. It may not seem to affect you directly, but in the end it does.

By protecting our infrastructure and government, we significantly reduce the threat to other sectors through the natural “umbrella” created. When the government or businesses learn of a threat and counteract it, this creates new methodologies and techniques that are passed on to the public through various means. For instance, the National Institute of Standards and Technology (NIST) takes lessons learned from all sources and promotes that information to everyone.

Federal agencies will be able to disseminate information concerning new attacks and threats to state and local governments, and those governments can do the same in return.

The shared responsibility for cybersecurity will be much enhanced overall as each group gains access to information it would not normally have. Federal personnel can support multiple agencies and groups without vast amounts of red tape or an expensive loss of time.

For those in the general public, this professional level of collaboration and dissemination of information about best practices and attack vectors provides a superior resource for gaining insights that will be valuable in their own cybersecurity efforts.

What Should You Do?

As these bills are just beginning to be enacted and governmental agencies have the chance to better understand them, they will create avenues for various groups to further improve upon what already exists in the cybersecurity realm. Those improvements will filter down to your organization via the cybersecurity professionals you employ directly or through service providers and legal advisors. Take advantage of their knowledge, experience, and the growing body of information derived from these new laws.

Watch cybersecurity and information technology forums and sites, such as NIST's, for notifications of updates to existing laws, regulations, and best practices. Use these resources to improve your planning and implementations.

Northstarr Recommendations

There is no better way to save money and time than to learn from those who came before you and expand on that knowledge. This is exactly what Northstarr System Solutions does when we offer you the expertise and skills our team of professionals has gained over the decades. We watch for new laws and regulations, keep track of how attackers are infiltrating data centers and networks, and constantly apply those lessons learned to offer you the best protection possible.

To find out more about how we can help, visit our website or give us a call at (888) 767-2210 to set up an appointment. We look forward to meeting with you!