- As the COVID-19 pandemic has forced tribal governments to move their governmental services online, the need to protect tribal data and ensure the integrity of the services that they provide is more important than ever.
- Yet tribal governments continue to be largely left out of federal opportunities to build critical cybersecurity infrastructure and internal protocols that keep tribal data safe.
- The National Congress of American Indians (NCAI) has urged Congress to establish a 10 percent set-aside for tribal governments in cybersecurity funding available for state and local governments, as well as to require the U.S. Department of Homeland Security (DHS) to submit an annual report to Congress outlining the cybersecurity needs of Indian Country.
Tribal governments have joined state and local governments in their request to include funding for cybersecurity in the next COVID-19 relief package. As the pandemic has forced tribal governments to move their governmental services online, the need to protect tribal data and ensure the integrity of the services that they provide is more important than ever. Yet tribal governments continue to be largely left out of federal opportunities to build critical cybersecurity infrastructure and internal protocols that keep tribal data safe. Currently, the only program that tribal nations are able to use to meet their cybersecurity needs is the U.S. Department of Homeland Security (DHS) Tribal Homeland Security Grant Program (THSGP). That program serves all of Indian Country's homeland security and emergency management needs, not just cybersecurity, and not every tribal government is eligible for the program. In effect, when it comes to cybersecurity, tribal governments do not have access to the cybersecurity resources they need.
What Are Tribal Governments Seeking?
In a letter to House Speaker Nancy Pelosi (D-Calif.) and House Minority Leader Kevin McCarthy (R-Calif.), the National Congress of American Indians (NCAI) urged Congress to establish a 10 percent set-aside for tribal governments in cybersecurity funding available for state and local governments, and to require DHS to submit an annual report to Congress outlining the cybersecurity needs of Indian Country. The letter specifically requests that Congress include the following language in the next COVID package:
(a) Set Aside — Provided, that of the amount made available, the Secretary shall set aside not less than ten percent to address the cybersecurity risks and threats of Indian Tribes as defined in section 4 of the Indian Self-Determination and Education Assistance Act (25 U.S.C. 5304).
(b) Report — No later than one year after the date of the enactment of this Act, and annually thereafter, the Department of Homeland Security Secretary shall submit to Congress a report on federal resources available to tribal governments, as defined in section 4 of the Indian Self-Determination and Education Assistance Act (25 U.S.C. 5304), to prevent and mitigate cybersecurity incidents, identify cybersecurity infrastructure shortfalls in Indian Country, and the status of actions taken by the Agency to address those shortfalls.
A letter was also sent to Senate Majority Leader Mitch McConnell (R-Ky.) and Senate Minority Leader Chuck Schumer (D-N.Y.).
What Are State and Local Governments Seeking?
State and local government officials have also been advocating for the inclusion of cybersecurity funding in the relief package. A coalition, including the National Governors Association, the National League of Cities and the National Association of Counties, sent a letter to House and Senate leadership on April 28, 2020, requesting direct funding to states, territories and localities specifically for addressing cybersecurity and IT infrastructure. The groups explain that the COVID-19 pandemic has caused a "surge on … information technology infrastructure [that] requires additional investment in both funding and manpower to keep up with massive usage." Moreover, the letter notes an increase in malicious cyberattacks on government infrastructure, such as ransomware, phishing and computer-enabled financial fraud. Tech and cybersecurity groups also sent a letter of support for cyber funding to House leaders on April 20.
What Is Congress Seeking?
On May 22, Reps. Bennie Thompson (D-Miss.), Jim Langevin (D-R.I.) and Cedric Richmond (D-La.), members of the House Homeland Security Committee, asked House Speaker Nancy Pelosi (D-Calif.) to include cybersecurity assistance to state and local governments in the next relief package, even though such funding was left out of House Democrats' latest coronavirus aid package, the Health and Economic Recovery Omnibus Emergency Solutions (HEROES) Act (H.R. 6800). The letter states, "We are disappointed that [the HEROES Act] did not provide targeted assistance to bolster network capacity and security to ensure that the aid the House provided to displaced workers, frontline workers, and other vulnerable populations is delivered in a timely way." Before the HEROES Act was released, House Democrats — including Reps. Thompson, Richmond, Derek Kilmer (D-Wash.) and Dutch Ruppersberger (D-Md.) — sent a letter requesting the inclusion of cyber funding in the next relief bill. The lawmakers specifically touted the House-passed State and Local Cybersecurity Improvement Act (H.R. 5823), which would provide $400 million in annual grants to state, local and tribal governments to address cyber risks and threats.
Although the bill enjoys bipartisan support, tribal emergency managers have expressed concerns that the funding will not reach Indian Country. Currently, the legislation requires funding to be passed through states to tribes, and in many cases, such funds historically have not always reached tribes as Congress intended.