Posted on Feb 13, 2020
As the United States voter population ramps for the 2020 election, states are starting to focus on increasing their cybersecurity controls to protect the elections process from malicious actors. In June 2019, the Ohio Secretary of State issued a directive to boards of elections regarding vulnerability scanning. However, many states lack the funding necessary to secure their infrastructures and supply streams. Understanding the struggles facing states, US senators recently proposed the Cybersecurity State Coordinator Act of 2020. While still only a proposed bill, state IT and security professionals may be curious about the potential impact this bill would have if passed.
According to the introduction, the proposed bill recognizes the increased cyber threats, such as ransomware, impacting State, local, Tribal and territorial entities as well as their need for additional federal government engagement and expertise. With that in mind, the bill would require that the Director of Homeland Security would appoint a Cybersecurity State Coordinator for each state.
In business terms, the Cybersecurity State Coordinator appears to be a federal government liaison who is part compliance manager and part information disseminator.
The bill details 6 specific duties that encompass the role of the Cybersecurity State Coordinator:
The stated duties of the Cybersecurity State Coordinator indicate that the federal government is looking to promote a unified, nationwide approach to managing cybersecurity risk. By placing a Department of Homeland Security employee in each state, the Cybersecurity State Coordinator Act of 2020 intends to create a shared approach to managing the unique threats that face governments - both local, state, Tribal, and federal.
Two of the proposed duties - facilitating cyber threat information sharing and facilitating resource awareness - hint at the underlying goal of uniformity. Creating a federal point of contact in each state means that as local governments report to their state government about cyber threats, the Cybersecurity State Coordinator can consolidate information sharing by reporting to their peers in other states.
By creating a better “workflow” and standardizing information sharing processes, all governmental entities will be able to secure their infrastructures and ecosystems better.
If the Cybersecurity State Coordinator Act of 2020 is passed by Congress, SecurityScorecard’s platform acts as a way to help promote a unified approach to discussing cyber risks.
SecurityScorecard’s security ratings platform aligns with the underlying intent of the Cybersecurity State Coordinator Act of 2020 because we designed our technology to make understanding cyber risk easier. We use an A-F rating scale across ten risk factors including network security, IP reputation, DNS health, endpoint security, web application security, patching cadence, hacker chatter, leaked credentials, and social engineering.
Our platform provides an overarching security rating as well as individual ratings for each of the factors so that state governments can prioritize their remediation strategies to protect their constituents’ data.
State governments can compare their security with that of their peers, to gain better insight into how well they’re managing their security risk. As the United States moves toward a more unified approach to cyber risk information gathering and sharing, all governmental entities can work together by starting with a common language for discussing the risk.
Check out our list of 3 top third party risk management (TPRM) challenges, and the actions you can take to bolster your program. Learn more.
Performing cybersecurity risk assessments is a key part of any organization’s information security management program. Read our guide.
Templates and vendor evaluations are needed to level that playing field, in a time efficient and fair way, so that the best vendors are chosen.
Co-founder and CEO, Alex Yampolskiy, speaks about the importance of measuring and acting on key indicators of cybersecurity risk.
You’ve invested in cybersecurity, but are you tracking your efforts? Check out our list of 20 cybersecurity KPIs you should track. Read more.
No waiting, 100% Free
Get your free scorecard and learn how you stack up across 10 risk categories. Answer a few simple questions and we'll instantly send your score to your business email.