State and Local Cybersecurity Improvement Act
This bill requires the Cybersecurity and Infrastructure Security Agency (CISA) to establish the State and Local Cybersecurity Grant Program to address cybersecurity risks and threats to the information systems of state, local, or tribal governments.
Eligible grant applicants (i.e., states and certain Indian tribes) must submit a cybersecurity plan—to be approved by CISA as a condition of disbursement—that describes how the applicant will use the funds to address cybersecurity risks and threats to their information systems. Grant funds must be used to implement, develop, or revise the applicant's cybersecurity plan or to assist with activities that address imminent cybersecurity risks or threats.
CISA must establish a State and Local Cybersecurity Resiliency Committee to provide state, local, and tribal stakeholder expertise, situational awareness, and recommendations to CISA on how to address cybersecurity risks and threats.
CISA must develop and maintain a resource guide for state, local, tribal, and territorial government officials to assist with identifying, preparing for, detecting, protecting against, responding to, and recovering from cybersecurity risks, threats, and incidents. In addition, CISA must develop and make publicly available a Homeland Security Strategy to Improve the Cybersecurity of State, Local, Tribal, and Territorial Governments.
Finally, CISA must assess the feasibility of implementing a short-term rotational program to detail approved state, local, tribal, and territorial government employees to CISA in cyber workforce positions.