Lawmakers introduce bill designating $28 billion to secure state and local IT systems

A coalition of lawmakers in the House and Senate on Thursday introduced legislation to funnel federal funds into strengthening state and local information technology systems, following increased stress on these systems during the COVID-19 pandemic. 

The State and Local IT Modernization and Cybersecurity Act — sponsored in the House by Reps. Jim Langevin (D-R.I.) and Mike Gallagher (R-Wis.) and in the Senate by Sen. Angus King (I-Maine) — would provide $28 billion in federal aid to state and local governments to help shore up older systems in the midst of the pandemic. 

These funds would be funneled through a “Public Health Emergency Information Technology Grant Program” that would address immediate challenges to IT systems during the coronavirus pandemic, and a “Modernizing Information Technology Program” to purchase new and more secure platforms. 

The bill was introduced after recommendations by the Cyberspace Solarium Commission (CSC), a bipartisan group established by Congress, that released a report in March detailing ways to secure the U.S. against debilitating cyberattacks. 

Langevin, a member of the CSC and the co-chair of the Congressional Cybersecurity Caucus, said in a statement that the COVID-19 pandemic had made clear the negative impact of legacy IT systems on state and local governments. 

“We need immediate investments to ensure state and local employees can safely work remotely, and we need IT modernization strategies to ensure that essential services, like unemployment insurance, can be provided to Americans in need,” Langevin said. 

King and Gallagher, the co-chairs of the CSC, also cited the legislation as essential for state and local governments during the pandemic. 

“This legislation will help our states and localities update their systems, which will improve their security and provide the added benefit of helping state and local governments operate more efficiently in the digital age,” King said in a statement. “It’s necessary for our security, and it will strengthen online services for the American people – a win-win, and one I’m proud to introduce with Representatives Langevin and Gallagher.”

“Outdated legacy systems not only threaten state and local governments’ ability to deliver critical services, but can also expose sensitive data to cyber threats,” Gallagher said in a separate statement. “An ounce of prevention is worth a pound of cure, and modernizing IT infrastructure is an important step towards ensuring our country is well-defended in cyberspace across all levels of government.”

Other House co-sponsors of the legislation include Rep. Cedric Richmond (D-La.), the chairman of the House Homeland Security’s cybersecurity subcommittee, and Reps. Will Hurd (R-Texas), Dutch Ruppersberger (D-Md.), Michael McCaul (R-Texas), Max Rose (D-N.Y.), and Don Bacon (R-Neb.). 

The bill builds on legislation previously introduced by Richmond that would provide state and local authorities with the funding and resources to address cyber threats and vulnerabilities.

State and local IT officials have faced increasing challenges during the pandemic, as more activities and business has moved online at the same time that budgets have dried up. 

Doug Robinson, the executive director of the National Association of State Chief Information Officers (NASCIO), said in a statement Thursday that the new legislation was “sincerely appreciated.”

“As states are charged with administering critically important federal programs and benefits, this legislation aims to make significant investments in modernizing state and local IT infrastructure,” Robinson said.

NASCIO was among a coalition of groups that sent a letter to congressional leaders in April asking for funds to address cyber and IT infrastructure needs during the pandemic.  

“This surge on our information technology infrastructure requires additional investment in both funding and manpower to keep up with the massive usage,” the groups wrote. “Additionally, malicious cyber actors have used attention on COVID-19 to their advantage, further targeting government infrastructure, the healthcare sector, and individual citizens for internet crimes, such as ransomware, phishing, and computer-enabled financial fraud.”

Lawmakers and state officials had lobbied for more federal resources even before the pandemic, particularly following a year in which ransomware cyberattacks brought the governments of Baltimore and New Orleans, among other government groups, temporarily to their knees.