Biden signs cyber bills into law

President Biden on Tuesday signed two bipartisan bills into law aimed at enhancing federal, state and local governments’ cybersecurity measures.

The bills’ passage comes following an increased pace of cyber incidents in recent years against government entities, including the SolarWinds hack, which involved Russian agents compromising nine federal agencies and at least 100 private sector groups. 

Biden had signed another cybersecurity bill last month that improves the federal government’s collection of data related to cybercrime.

One of the bills signed into law on Tuesday, dubbed the Federal Rotational Cyber Workforce Program Act, establishes a program to allow cybersecurity professionals to rotate through multiple federal agencies and enhance their expertise.

The bill also requires the Office of Personnel Management (OPM) to distribute lists of open positions in the program to government employees annually. 

The Senate had passed the bill in 2019 but it did not receive a vote in the House until this year.

Senate Homeland Security and Governmental Affairs Committee Chairman Gary Peters (D-Mich.) and Sens. John Hoeven (R-N.D.) and Jacky Rosen (D-Nev.) reintroduced the legislation in the Senate in April 2021, and Reps. Ro Khanna (D-Calif.) and Nancy Mace (R-S.C.) introduced the bill in the House the following month.

The bill passed the Senate by unanimous consent in December and in the House via a voice vote last month.

The second bill, called the State and Local Government Cybersecurity Act, aims to improve coordination between the Department of Homeland Security and state and local governments on cybersecurity.

The bill requires the National Cybersecurity and Communications Integration Center (NCCIC), a division that helps coordinate the federal government’s cybersecurity posture, to share security tools and protocols with state, local, tribal and territorial governments.

The bill passed the Senate by unanimous consent and on a 404-14 vote in the House last month.

“For hackers, state and local governments are an attractive target — we must increase support to these entities so that they can strengthen their systems and better defend themselves from harmful cyber-attack,” Rep. Joe Neguse (D-Colo.), who introduced the bill, said in a statement after the House’s passage.

Peters, who sponsored the Senate bill, called the provisions “commonsense” given the high level of cyber incidents.

“State and local governments in Michigan and across the nation continue to be targeted by cybercriminals and other malicious actors,” he said in a statement. “These attacks can prevent access to essential services, compromise sensitive and personal information, and disrupt our daily lives and livelihoods.”