NDAA Amendment to Establish State-Level Cybersecurity Coordinators

Last Thursday, the U.S. Senate passed its version of the 2021 National Defense Authorization Act (NDAA), which funds all military and national security operations for the next fiscal year. The legislation will now have to be agreed upon with the House of Representatives, who passed their own version of the bill. Of particular note is the successful passage of the bipartisan amendment to the NDAA that would require the Department of Homeland Security to establish a Cybersecurity State Coordinator position in every state. This amendment was introduced by a bipartisan coalition of senators including Sens. Rob Portman (R-OH), Maggie Hassan (D-NH), John Cornyn (R-TX), and Gary Peters (D-MI).

The Cybersecurity State Coordinator position established by the amendment would help prevent and respond to cybersecurity threats targeted at state and local governments, as well as schools, hospitals, and other regional entities. Sen. Portman remarked that “frequently, [states] lack the resources, technical know-how, and situational awareness to secure their [cybersecurity] systems, or respond in the event of an attack.” Sen. Hassan added that “Cybersecurity Coordinators will serve as a bridge between the federal government and state and local entities.”

While there has been a lot of recent action to bolster the federal government’s cybersecurity capabilities, including in the NDAA with the establishment of a Cybersecurity and Infrastructure Security Agency national director, the lack of state-level improvements has been notable. This amendment is commendable in the way that it directly creates a bridge between state and national cyber-attack responses, particularly because of the recent wave of cyberattacks we have seen at the local level during our current WFH period.