House lawmakers roll out bill to invest $500 million in state and local cybersecurity

House lawmakers roll out bill to invest $500 million in state and local cybersecurity
© Greg Nash

A group of bipartisan House lawmakers on Wednesday rolled out legislation that would provide state and local governments with $500 million annually to defend against cyberattacks, which have escalated over the past year during the COVID-19 pandemic. 

The State and Local Cybersecurity Improvement Act, led by House Homeland Security Committee cybersecurity subcommittee Chairwoman Yvette ClarkeYvette Diane ClarkeTSA working on additional pipeline security regulations following Colonial Pipeline hack School districts struggle to defend against rising ransomware attacks Hillicon Valley: Democrats urge Facebook to abandon 'Instagram for kids' plan | 'Homework gap' likely to persist after pandemic MORE (D-N.Y.), would create a grant program to provide $500 million annually to state and local governments over the next five years for cybersecurity needs.

The legislation, provided to The Hill to review Wednesday, would also require state and local governments to submit plans for securing their systems against cyber threats in order to obtain the funding, and establish committees to implement the plans. 


Clarke teased the legislation last week during a subcommittee hearing on ransomware threats, noting she would reintroduce it “in the coming days.” It was passed by the House last year, but failed to get a vote in the Senate. 

“As the ever-increasing number of ransomware attacks on state and local governments demonstrates, adequate investment in cybersecurity has been lacking, and more resources are needed,” Clarke said at the hearing. “This legislation would ensure funding is available, while insisting state and local governments step up to prioritize cybersecurity in their own budgets.”

The bill is a major bipartisan effort, with House Homeland Security Committee Chairman Bennie ThompsonBennie Gordon ThompsonLobbying world Hillicon Valley: Biden gives TikTok and WeChat a reprieve | Colonial Pipeline CEO addresses Congress again | Thomson Reuters shareholders want review of ICE ties Colonial Pipeline may use recovered ransomware attack funds to boost cybersecurity MORE (D-Miss.), ranking member Rep. John KatkoJohn Michael KatkoColonial Pipeline may use recovered ransomware attack funds to boost cybersecurity In shot at Manchin, Pelosi calls for Senate to strengthen voting rights Democrats debate shape of new Jan. 6 probe MORE (R-N.Y.) and cybersecurity subcommittee ranking member Rep. Andrew Garbarino (R-N.Y.) among the sponsors. 

House Foreign Affairs Committee ranking member Rep. Michael McCaulMichael Thomas McCaulGOP lawmakers urge Biden to add sanctions on Russia over Navalny poisoning Lawmakers urge Biden to be tough on cybersecurity during summit with Putin Key Republican: Putin meeting will be most 'important' and 'dangerous' of Biden trip MORE (R-Texas) and Reps. Dutch RuppersbergerCharles (Dutch) Albert RuppersbergerHouse lawmakers roll out bill to invest 0 million in state and local cybersecurity House approves cyber funds in relief package as officials press for more Maryland lawmakers ask Biden to honor Capital Gazette shooting victims with Presidential Medal of Freedom MORE (D-Md.) and Derek KilmerDerek Christian KilmerThe tale of the last bipartisan unicorns Head of House Office of Diversity and Inclusion urges more staff diversity House lawmakers roll out bill to invest 0 million in state and local cybersecurity MORE (D-Wash.) are also co-sponsors. 

Katko testified at the same hearing last week that he was "looking forward" to pushing the legislation, noting that "equipping state and local governments with the resources to bolster their defenses is an important step."


"While we all can agree more resources for our state and local governments are necessary, we must also ensure these funds are spent responsibly, and effectuate meaningful impacts on risk reduction," Garbarino testified at the hearing. "This important bill is a tremendous step forward in our fight, but we can’t stop there."

State and local governments have come under intense pressure from cyber threats over the past few years, and in particular during the COVID-19 pandemic, as more operations moved online and hackers targeted vulnerable and sometimes aging systems. 

Schools, hospitals and libraries have been among public institutions targeted by ransomware attacks, among other cyber threats, and the city governments of Baltimore, New Orleans and Atlanta have been forced to spend millions of dollars to recover from ransomware attacks targeting operations in recent years. 

The bill also comes as the nation continues to grapple with the fallout of a succession of major cyberattacks. 

The SolarWinds attack, first discovered in December, allowed Russian government-backed hackers to compromise nine federal agencies and at least 100 private-sector groups, while new vulnerabilities in Microsoft’s Exchange Server allowed Russian and Chinese hackers to potentially compromise thousands more organizations.

Last week, Colonial Pipeline was forced to shut down operations due to a ransomware attack on its IT systems. The pipeline provides 45 percent of the East Coast’s oil supply. As of Wednesday, the suspension of operations has lead to fuel shortages in some areas of the country. 

Clarke, Thompson, Katko and Garbarino joined the bipartisan leaders of the House Transportation and Infrastructure Committee to send a letter Tuesday night to Jake SullivanJake SullivanBiden must be firm, but measured, in his message to Putin on cyberattacks NATO members agree to new cyber defense policy NATO tackling climate change for first time MORE, President BidenJoe BidenJapan to possibly ease COVID-19 restrictions before Olympics 14 Republicans vote against making Juneteenth a federal holiday China supplies millions of vaccine doses to developing nations in Asia MORE’s national security adviser, expressing strong concerns around the Colonial Pipeline incident. 

“We are deeply concerned about the security of our nation’s critical infrastructure and the industrial control systems (ICS) that underpin many national critical functions,” the lawmakers wrote. “As we have repeatedly stressed, cybersecurity is no longer just an ‘IT issue’ but instead an economic and national security challenge that can have real-world impacts to our security.”

“It is imperative that the federal response is rapid, clear, and consistent,” they stressed.

--Updated at 3:58 p.m.