A bill to authorize the Department of Homeland Security (DHS) to provide cybersecurity training help at the national, state and local levels was approved by the House on March 7. The Senate has approved similar – but not identical – legislation, so the House version will still need further Senate action before it can be submitted to President Biden for his signature.
The National Cybersecurity Preparedness Consortium (NCPC) Act, originally introduced by Sens. John Cornyn, R-Texas, and Patrick Leahy, D-Vt., would authorize DHS to work with the National Cybersecurity Preparedness Consortium (NCPC) to help prepare for and respond to cybersecurity risks at the national, state, and local levels.
Among the changes made in the House version of the bill is an amendment stating that DHS may work with one or more consortia to support efforts to address cybersecurity risks and incidents, including:
- Training and education at state, Tribal, and local levels;
- Developing and updating a curriculum utilizing existing training and educational programs and models;
- Providing technical assistance services, training, and educational programs to build and sustain capabilities in support of preparedness for and response to cybersecurity risks and incidents;
- Conducting cross-sector cybersecurity training, education, and simulation exercises;
- Helping incorporate cybersecurity risk and incident prevention and response into existing State, Tribal, and local emergency plans; and
- Assisting state governments and Tribal organizations in developing cybersecurity plans.
“In the face of Vladimir Putin’s invasion of Ukraine, the United States must remain extra vigilant against potentially disastrous cyber threats from Russian hackers that would weaken our infrastructure and military readiness,” said Sen. Cornyn in a statement. “This crucial bill will ensure our critical infrastructure operators and local governments are prepared for dangerous Russian cyber-attacks.”
The bill would authorize DHS to work with NCPC to:
- Provide training to state and local first responders and officials, develop curriculums, and provide technical assistance;
- Conduct cross-sector cybersecurity training and simulation exercises for state and local governments, critical infrastructure owners and operators, and private industry;
- Help states and communities develop cybersecurity information-sharing programs; and
- Help incorporate cybersecurity risk and incident prevention and response into existing state and local emergency plans and continuity of operations plans.
“Passage of this legislation will improve the ability of the National Cybersecurity Preparedness Consortium to fulfill its mission of training and preparedness for cyber-attacks. There are few threats greater than those carried out through cyberspace that can upend the lives of Americans anywhere, from anywhere in the world. But with preparation, like that coached by NCPC, those threats can be mitigated,” said Sen. Leahy.