As the United States voter population ramps up for the 2020 election, states are starting to focus on increasing their cybersecurity controls to protect the elections process from malicious actors. In June 2019, the Ohio Secretary of State issued a directive to boards of elections regarding vulnerability scanning. However, many states lack the funding necessary to secure their infrastructures and supply streams. Understanding the struggles facing states, US senators recently proposed the Cybersecurity State Coordinator Act of 2020. While it is still only a proposed bill, state IT and security professionals may be curious about the potential impact it would have if passed.
What is the Cybersecurity State Coordinator Act of 2020?
According to the introduction, the proposed bill recognizes the increased cyber threats, such as ransomware, impacting State, local, Tribal and territorial entities as well as their need for additional federal government engagement and expertise. With that in mind, the bill would require the Director of Homeland Security to appoint a Cybersecurity State Coordinator for each state.
What are the proposed duties assigned to the Cybersecurity State Coordinator?
In business terms, the Cybersecurity State Coordinator appears to be a federal government liaison who is part compliance manager and part information disseminator.
The bill details 6 specific duties that encompass the role of the Cybersecurity State Coordinator:
- Building strategic relationships to establish governance structures necessary for maintaining secure and resilient infrastructures
- Advising and coordinating efforts related to preparing for, responding to, and remediating security risks and incidents
- Facilitating cyber threat information sharing
- Facilitating financial, technical, and operational resource awareness
- Supporting recovery training, exercises, and continuity planning
- Acting as the federal government point of contact
How the Cybersecurity State Coordinator can help unify state cybersecurity activities
The stated duties of the Cybersecurity State Coordinator indicate that the federal government is looking to promote a unified, nationwide approach to managing cybersecurity risk. By placing a Department of Homeland Security employee in each state, the Cybersecurity State Coordinator Act of 2020 intends to create a shared approach to managing the unique threats that face governments at every level: local, state, Tribal, and federal.
Two of the proposed duties – facilitating cyber threat information sharing and facilitating resource awareness – hint at the underlying goal of uniformity. Creating a federal point of contact in each state means that as local governments report to their state government about cyber threats, the Cybersecurity State Coordinator can consolidate information sharing by reporting to their peers in other states.
By creating a better “workflow” and standardizing information sharing processes, all governmental entities will be able to secure their infrastructures and ecosystems better.
SecurityScorecard enables a unified understanding of cyber risk
If the Cybersecurity State Coordinator Act of 2020 is passed by Congress, SecurityScorecard’s platform can serve as a way to help promote a unified approach to discussing cyber risks.
SecurityScorecard’s security ratings platform aligns with the underlying intent of the Cybersecurity State Coordinator Act of 2020 because we designed our technology to make understanding cyber risk easier. We use an A-F rating scale across ten risk factors including network security, IP reputation, DNS health, endpoint security, web application security, patching cadence, hacker chatter, leaked credentials, and social engineering.
Our platform provides an overarching security rating as well as individual ratings for each of the factors so that state governments can prioritize their remediation strategies to protect their constituents’ data.
State governments can compare their security with that of their peers, to gain better insight into how well they’re managing their security risk. As the United States moves toward a more unified approach to cyber risk information gathering and sharing, all governmental entities can work together by starting with a common language for discussing the risk.