Policy Visualization

Bill Overview

Title: Advancing Cybersecurity Through Continuous Diagnostics and Mitigation Act

Description: This bill establishes programs for continuously diagnosing and mitigating cyber threats to and vulnerabilities of government entities. Specifically, the bill provides statutory authority for a continuous diagnostic and mitigation program maintained by the Cybersecurity and Infrastructure Security Agency (CISA) that assists federal agencies to address cyber threats and vulnerabilities. The bill further requires that CISA maintain this program with or without reimbursement from other agencies. In addition, the Department of Homeland Security must develop a strategy to implement CISA's program and carry out a pilot program to promote the use of tools developed as part of the program in state, tribal, territorial, and local governments.

Sponsors: Sen. Cornyn, John [R-TX]

Target Audience

Population: People working in and for government entities impacted by cybersecurity measures

Estimated Size: 300000

The bill aims to enhance cybersecurity measures for government entities, which include federal, state, tribal, territorial, and local governments.
It involves continuous diagnostics and mitigation of cyber threats and vulnerabilities, implying technical staff in these jurisdictions will need to adopt and integrate these tools.
Employees and contractors working for these government bodies will directly interact with or manage the program.
Additionally, the general public who interact with government services may indirectly benefit from increased cybersecurity, thereby reducing incidents of data breaches and identity theft.

Reasoning

The policy targets government entities, focusing on improving cybersecurity measures.
The immediate impact would likely be on IT personnel and decision-makers in these entities who manage cyber threats.
General public's interaction with government services should become more secure, which indirectly affects well-being by reducing the potential for data breaches.
The budget constraint necessitates a focus primarily on strategic areas with the highest risk or need for cyber defense improvements.

Simulated Interviews

Federal IT security analyst (Washington, DC)

Age: 34 | Gender: female

Wellbeing Before Policy: 6

Duration of Impact: 5.0 years

Commonness: 5/20

Statement of Opinion:

This policy could significantly enhance our ability to preemptively manage cyber threats.
Right now, resources are limited, making it challenging to implement comprehensive security measures.

Wellbeing Over Time (With vs Without Policy)

Year	With Policy	Without Policy
Year 1	7	6
Year 2	8	6
Year 3	8	6
Year 5	9	6
Year 10	9	6
Year 20	9	6

State government IT manager (New York)

Age: 45 | Gender: male

Wellbeing Before Policy: 5

Duration of Impact: 10.0 years

Commonness: 7/20

Statement of Opinion:

State budgets are often tight; having federal support for cybersecurity could improve our defenses.
Coordination with CISA should allow for more cohesive security across government levels.

Wellbeing Over Time (With vs Without Policy)

Year	With Policy	Without Policy
Year 1	6	5
Year 2	7	5
Year 3	7	5
Year 5	7	5
Year 10	7	5
Year 20	7	5

Local government IT technician (California)

Age: 29 | Gender: other

Wellbeing Before Policy: 6

Duration of Impact: 10.0 years

Commonness: 8/20

Statement of Opinion:

A policy like this might provide the necessary tools and protocols for better security measures at the local level.
It will likely take time to see its full impact on day-to-day operations.

Wellbeing Over Time (With vs Without Policy)

Year	With Policy	Without Policy
Year 1	6	6
Year 2	6	6
Year 3	6	6
Year 5	7	6
Year 10	7	6
Year 20	7	6

Cybersecurity contractor (Illinois)

Age: 52 | Gender: male

Wellbeing Before Policy: 7

Duration of Impact: 5.0 years

Commonness: 6/20

Statement of Opinion:

Increased funding and a unified approach across agencies can help address some of the most severe vulnerabilities.
There's always a challenge with coordinating among different government branches.

Wellbeing Over Time (With vs Without Policy)

Year	With Policy	Without Policy
Year 1	7	7
Year 2	8	7
Year 3	8	7
Year 5	8	7
Year 10	8	7
Year 20	8	7

State cybersecurity policy advisor (Texas)

Age: 38 | Gender: female

Wellbeing Before Policy: 6

Duration of Impact: 10.0 years

Commonness: 5/20

Statement of Opinion:

This initiative can help standardize cybersecurity practices across states, reducing redundancy.
For it to be truly effective, collaboration and communication are key.

Wellbeing Over Time (With vs Without Policy)

Year	With Policy	Without Policy
Year 1	7	6
Year 2	7	6
Year 3	8	6
Year 5	8	6
Year 10	8	6
Year 20	8	6

Tribal government IT director (Florida)

Age: 48 | Gender: female

Wellbeing Before Policy: 7

Duration of Impact: 10.0 years

Commonness: 4/20

Statement of Opinion:

Tribal governments often lack resources for robust cybersecurity measures.
This policy could dramatically improve the security and privacy of our community's data.

Wellbeing Over Time (With vs Without Policy)

Year	With Policy	Without Policy
Year 1	8	7
Year 2	8	7
Year 3	9	7
Year 5	9	7
Year 10	9	7
Year 20	9	7

Local government IT support (Ohio)

Age: 26 | Gender: male

Wellbeing Before Policy: 5

Duration of Impact: 5.0 years

Commonness: 8/20

Statement of Opinion:

Local governments often struggle with outdated security protocols, so federal assistance is welcome.
However, implementation might be challenging, given existing resource limitations.

Wellbeing Over Time (With vs Without Policy)

Year	With Policy	Without Policy
Year 1	6	5
Year 2	6	5
Year 3	6	5
Year 5	6	5
Year 10	6	5
Year 20	6	5

Retired federal officer (Virginia)

Age: 65 | Gender: female

Wellbeing Before Policy: 6

Duration of Impact: 0.0 years

Commonness: 9/20

Statement of Opinion:

Such measures are imperative for keeping pace with evolving cyber threats.
I hope the policy considers the needs of smaller agencies just as much as the larger ones.

Wellbeing Over Time (With vs Without Policy)

Year	With Policy	Without Policy
Year 1	6	6
Year 2	6	6
Year 3	6	6
Year 5	6	6
Year 10	6	6
Year 20	6	6

Cybersecurity professor (Arizona)

Age: 40 | Gender: male

Wellbeing Before Policy: 7

Duration of Impact: 0.0 years

Commonness: 10/20

Statement of Opinion:

This policy is vital for keeping government entities secure.
The educational sector also benefits indirectly as it prepares the next generation of cybersecurity professionals.

Wellbeing Over Time (With vs Without Policy)

Year	With Policy	Without Policy
Year 1	7	7
Year 2	7	7
Year 3	7	7
Year 5	7	7
Year 10	7	7
Year 20	7	7

Federal cyber policy maker (Pennsylvania)

Age: 58 | Gender: male

Wellbeing Before Policy: 8

Duration of Impact: 5.0 years

Commonness: 3/20

Statement of Opinion:

This policy aligns with ongoing efforts to enhance national cybersecurity infrastructure.
Adequate funding and execution strategies are crucial for its success.

Wellbeing Over Time (With vs Without Policy)

Year	With Policy	Without Policy
Year 1	9	8
Year 2	9	8
Year 3	9	8
Year 5	9	8
Year 10	9	8
Year 20	9	8

Cost Estimates

Year 1: $150000000 (Low: $100000000, High: $200000000)

Year 2: $140000000 (Low: $90000000, High: $190000000)

Year 3: $140000000 (Low: $90000000, High: $190000000)

Year 5: $120000000 (Low: $80000000, High: $160000000)

Year 10: $100000000 (Low: $60000000, High: $140000000)

Year 100: $50000000 (Low: $30000000, High: $70000000)

Key Considerations

The effectiveness of the pilot programs in state, tribal, and local government settings will be crucial.
Long-term funding will need to sustain advanced, evolving cybersecurity measures.
Coordination between CISA and other agencies will be vital for smooth implementation.