This new law gives CISA the authority to work directly with local government entities to help with cybersecurity protections for the entire electric grid, not just the bulk electric system, like NERC provides. But this authority doesn't stop with the electric grid, it covers all critical infrastructure. IMO, this is a positive and necessary change to cybersecurity policies and practices that will enable a team approach, engaging Federal, State and Local governments with the private sector to tackle cybersecurity challenges, cohesively and collaboratively.ย
I fully support and endorse this new law, and it's objectives, shown below:
Under the new law, the Cybersecurity and Infrastructure Security Agency (CISA) is directed to increase the coordination of cybersecurity response with SLTT governments. The following CISA responsibilities to support SLTT governments are specifically listed in the bill is:
- Providing operational and technical assistance to address cyber incidents
- Increasing situational awareness by sharing cyber threat indicators, defensive measures and cybersecurity risks
- Providing notifications of specific incidents
- Creating a platform to share best practices and other cybersecurity standards and policies
- Working with Chief Information Officers, senior election officials, and others to coordinate effective implementation of tools, policies and guidelines to ensure system resiliency
- Assisting in developing policies and procedures for coordinating vulnerability disclosures
- Promoting cybersecurity education and awareness.
The law also codifies a sustained relationship between CISA and the Multi-State Information Sharing and Analysis Center (MS-ISAC). MS-ISAC is a coalition of governments and organizations created in 2022 that is dedicated to improving cybersecurity for SLTT governments.