A new bill passed a House vote on Dec. 10 expanding the Department of Homeland Security's cybersecurity role to include assisting state and local governments upon request.

The bill — H.R. 3869, State and Local Cyber Protections Act of 2015 — was introduced by Rep. Will Hurd, R-Texas, a freshman congressman and former CIA agent, and passed by a voice vote in the House.

The NCCIC also would be responsible for providing cybersecurity training to state and local analysts upon request.

"Local governments often do not have access to the technical capabilities and training required to address highly exploitable cybersecurity vulnerabilities," Hurd said, noting state and local government networks house sensitive data about constituents, "making them especially attractive for cyberattacks."

  • Upon request, identifying system vulnerabilities and information security protections to address unauthorized access, use, disclosure, disruption, modification or destruction of information collected or maintained by, or information systems used or operated by, state or local governments or other organizations or contractors on their behalf.
  • Providing via a web portal updated resources and guidelines related to information security.
  • Coordinating through national associations to implement information security tools and policies to ensure the resiliency of state and local information systems.
  • Providing training on cybersecurity, privacy, and civil liberties.
  • Providing requested technical assistance to deploy technology that continuously diagnoses and mitigates cyber threats and to conduct threat and vulnerability assessments.
  • Coordinating vulnerability disclosures under standards developed by the National Institute of Standards and Technology.
  • Ensuring that state and local governments are aware of DHS resources and other federal tools to ensure the security and resiliency of federal civilian information systems.

Doug Robinson, executive director of the National Association of State Chief Information Officers (NASCIO), lauded the bill, particularly in the face of a growing cyber threat and dearth of cybersecurity professionals to meet the challenge.

"In making DHS cyber resources available upon request to state CIOs, H.R. 3869 could help states address the aforementioned gaps," Robinson said in a letter to the chairman and ranking member of the House Homeland Security Committee. "We especially appreciate that H.R. 3869 makes DHS resources available upon request and does not mandate the utilization of federal resources for state partners."

The bill now moves on to the Senate, which likely won't be able to take it up until the new year at the earliest.