Bill Overview
Title: State and Local Government Cybersecurity Act of 2021
Description: This bill provides for collaboration between the Department of Homeland Security (DHS) and state, local, tribal, and territorial governments, as well as corporations, associations, and the general public, regarding cybersecurity. The bill expands DHS responsibilities through grants and cooperative agreements, including provision of assistance and education related to cyber threat indicators, proactive and defensive measures and cybersecurity technologies, cybersecurity risks and vulnerabilities, incident response and management, analysis, and warnings. The bill requires the National Cybersecurity and Communications Integration Center, upon request, to coordinate with entities such as the Multi-State Information Sharing and Analysis Center to engage in specified activities, including to (1) conduct exercises with state, local, tribal, or territorial government entities; (2) provide operational and technical cybersecurity training to such entities; and (3) promote cybersecurity education and awareness.
Sponsors: Sen. Peters, Gary C. [D-MI]
Target Audience
Population: people whose digital interactions are protected or managed by state and local governments
Estimated Size: 165000000
- The legislation primarily targets state, local, tribal, and territorial governments within the United States, impacting the officials and employees within these entities responsible for managing and securing IT infrastructure.
- Corporations, especially those collaborating with governmental bodies or operating critical infrastructure, will also be affected as they adjust to new collaborative cybersecurity practices, impacting IT and operations teams.
- The general public, particularly within the U.S., may experience indirect impacts due to changes in how their data is managed and protected by government entities in light of improved cybersecurity measures.
- The collaboration efforts and expanded responsibilities aim to address vulnerabilities and strengthen cybersecurity, which can have broad implications for any individuals whose data is held by state and local entities, thus indirectly impacting all citizens.
- Globally, entities who interact with U.S. state and local governments or corporations working within these domains may see indirect impacts primarily related to operational changes and potential increased cybersecurity collaborations or requirements.
Reasoning
- The policy primarily affects employees within state and local government sectors who manage IT infrastructure, thus these individuals will be directly impacted, especially in terms of their job responsibilities and training requirements.
- Corporations interfacing with governmental bodies will feel the effects through need-for increased cybersecurity measures and collaborations, affecting IT departments.
- The general public is indirectly impacted; improved cybersecurity can raise confidence in digital interactions, thereby potentially improving perceived safety and trust in government data management.
- The cost constraints limit the initial infrastructure and training expansions, likely focusing on high-priority areas or regions with known vulnerabilities.
- Government employees, IT professionals, and city planners from diverse areas and backgrounds should be represented to depict varied impacts.
Simulated Interviews
IT Specialist in Local Government (Richmond, Virginia)
Age: 35 | Gender: female
Wellbeing Before Policy: 7
Duration of Impact: 20.0 years
Commonness: 8/20
Statement of Opinion:
- The policy helps ensure we stay updated with the latest cybersecurity practices, which is a huge relief for my team's workload.
- It sounds like more training opportunities will arise, which is appealing as skill enhancement.
- I expect an initial overwhelming phase due to adaptations but, overall, it represents progress.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 8 | 7 |
| Year 2 | 8 | 7 |
| Year 3 | 9 | 7 |
| Year 5 | 9 | 6 |
| Year 10 | 9 | 6 |
| Year 20 | 8 | 5 |
Cybersecurity Consultant for Corporations (Seattle, Washington)
Age: 50 | Gender: male
Wellbeing Before Policy: 6
Duration of Impact: 10.0 years
Commonness: 6/20
Statement of Opinion:
- The policy is a step forward for government coordination in cybersecurity protection.
- Expect it to generate more consulting opportunities and demand for security audits.
- This should drive technological adoption rather than creating a security hindrance.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 6 |
| Year 2 | 7 | 6 |
| Year 3 | 7 | 5 |
| Year 5 | 8 | 5 |
| Year 10 | 8 | 5 |
| Year 20 | 7 | 4 |
Small Business Owner (Miami, Florida)
Age: 28 | Gender: female
Wellbeing Before Policy: 5
Duration of Impact: 5.0 years
Commonness: 15/20
Statement of Opinion:
- I haven’t noticed any direct effects from the policy on my operations yet.
- If governments are more secure, maybe it means less chance of my business data getting compromised.
- Hope it reduces overall cyber threats, indirectly benefiting me.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 5 | 5 |
| Year 2 | 5 | 5 |
| Year 3 | 6 | 5 |
| Year 5 | 6 | 4 |
| Year 10 | 6 | 4 |
| Year 20 | 6 | 4 |
High School Teacher (Denver, Colorado)
Age: 41 | Gender: male
Wellbeing Before Policy: 7
Duration of Impact: 15.0 years
Commonness: 10/20
Statement of Opinion:
- The increased focus on cybersecurity education is promising for curriculum improvement.
- Can integrate case studies and new governmental practices directly in class lessons.
- Students excited to learn about real policy applications enhance their interest.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 7 |
| Year 2 | 8 | 7 |
| Year 3 | 8 | 7 |
| Year 5 | 9 | 7 |
| Year 10 | 9 | 7 |
| Year 20 | 8 | 6 |
City Planner (New York City, New York)
Age: 30 | Gender: other
Wellbeing Before Policy: 6
Duration of Impact: 20.0 years
Commonness: 7/20
Statement of Opinion:
- Coordination on cybersecurity is necessary for city planning regarding efficient data management.
- This policy supports disaster recovery by reinforcing prevention tactics at the state level.
- Resource allocations still seem unclear, awaiting explicit application frameworks.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 6 |
| Year 2 | 8 | 6 |
| Year 3 | 8 | 5 |
| Year 5 | 9 | 5 |
| Year 10 | 9 | 4 |
| Year 20 | 9 | 4 |
Retired State Government Employee (Santa Fe, New Mexico)
Age: 62 | Gender: female
Wellbeing Before Policy: 5
Duration of Impact: 10.0 years
Commonness: 12/20
Statement of Opinion:
- This policy appears necessary given the rise in cyber incidents nationwide.
- Glad to see long-term thinking from the government in cybersecurity defenses.
- It improves my peace of mind about how my information is handled by state systems.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 6 | 5 |
| Year 2 | 6 | 5 |
| Year 3 | 7 | 5 |
| Year 5 | 7 | 4 |
| Year 10 | 7 | 4 |
| Year 20 | 7 | 3 |
Tech Startup Founder (Austin, Texas)
Age: 45 | Gender: male
Wellbeing Before Policy: 7
Duration of Impact: 10.0 years
Commonness: 5/20
Statement of Opinion:
- Expect stricter guidelines on cybersecurity, but this opens new business opportunities too.
- Overall, looks like positive progress for partnerships between private and public sectors.
- Hope the policy improves protection while remaining business-friendly.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 8 | 7 |
| Year 2 | 8 | 7 |
| Year 3 | 9 | 7 |
| Year 5 | 9 | 6 |
| Year 10 | 8 | 6 |
| Year 20 | 8 | 5 |
University Student in Cybersecurity (Chicago, Illinois)
Age: 22 | Gender: female
Wellbeing Before Policy: 6
Duration of Impact: 20.0 years
Commonness: 8/20
Statement of Opinion:
- This policy increases my future job prospects within the government sector.
- Extra training and educational materials might be available due to new initiatives.
- I'm excited about learning and contributing to updated defenses on a national level.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 6 |
| Year 2 | 8 | 6 |
| Year 3 | 9 | 6 |
| Year 5 | 9 | 5 |
| Year 10 | 9 | 5 |
| Year 20 | 8 | 5 |
Tribal Government Employee (Tucson, Arizona)
Age: 38 | Gender: male
Wellbeing Before Policy: 5
Duration of Impact: 20.0 years
Commonness: 3/20
Statement of Opinion:
- Finally seeing attention on tribal cybersecurity needs within policy frameworks.
- A challenge remains to ensure resources are appropriately distributed to tribal areas.
- Eager to see cooperative agreements and local training become reality.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 6 | 5 |
| Year 2 | 7 | 5 |
| Year 3 | 8 | 5 |
| Year 5 | 9 | 5 |
| Year 10 | 9 | 4 |
| Year 20 | 8 | 4 |
Freelance Ethical Hacker (Boston, Massachusetts)
Age: 27 | Gender: male
Wellbeing Before Policy: 6
Duration of Impact: 10.0 years
Commonness: 6/20
Statement of Opinion:
- I expect more government-led initiatives will increase demand for ethical hacking to test systems.
- This is good for my business and personal career development.
- Sharing information can lead to a more robust security community.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 6 |
| Year 2 | 8 | 6 |
| Year 3 | 8 | 7 |
| Year 5 | 9 | 7 |
| Year 10 | 9 | 6 |
| Year 20 | 8 | 6 |
Cost Estimates
Year 1: $150000000 (Low: $100000000, High: $200000000)
Year 2: $150000000 (Low: $100000000, High: $200000000)
Year 3: $150000000 (Low: $100000000, High: $200000000)
Year 5: $150000000 (Low: $100000000, High: $200000000)
Year 10: $100000000 (Low: $50000000, High: $150000000)
Year 100: $10000000 (Low: $5000000, High: $20000000)
Key Considerations
- Cybersecurity threats are an evolving challenge making it necessary for ongoing review and updates to policies and implementations.
- The large variability in the effectiveness of educational programs and cooperative cybersecurity efforts can impact the realized benefits and costs of the program.
- Direct monitoring and evaluation of program results are crucial to minimize waste and ensure alignment with national cybersecurity goals.