Cybersecurity: a challenge for state and local governments
August 21, 2018
News headlines about cybersecurity breaches have generally highlighted large companies and the federal government. Among businesses, Home Depot and Target are only two of the big players that have suffered dented reputations – and huge financial losses – due to cybersecurity vulnerabilities.
Within the federal government, meanwhile, the Office of Personnel Management was hit by a breach in 2015 that compromised as many as 21.5 million records.
But what about state and local governments? These too maintain sensitive records, including tax information, that could be used to cause harm.
A recent report from the Brookings Institution highlighted the efforts being made at state level. As can be expected, the outlook differs widely from state to state. Two states – Idaho and Mississippi – were deemed “truly outstanding in their focus on cybersecurity.” Key to their success: both states base their approach on standards established by the National Institute of Standards and Technology (NIST) and other policymaking organizations.
The report praised several other states, including Delaware, Colorado, and New Mexico, for having “a solid and robust recognition of the need for cybersecurity and a multi-faceted plan.” Some states, however, were found to have weak cybersecurity plans, or to have not worked out their plans in sufficient detail.
At the local level, the cybersecurity challenge may be even more acute. A study published earlier this year by a group of University of Maryland professors found that while municipalities come under frequent attack, cyber-awareness among local officials lags behind.
The data suggests that “at least some, and perhaps even a large fraction of, local governments may be unable to respond to electronic intrusions,” the authors wrote.
One crucial take-home: lack of awareness is one of the main culprits behind cybersecurity vulnerability at the local level.
“If local officials are going to do a better job protecting their information assets, they’ll first need to know a lot more about what’s actually happening. The numbers of survey respondents who answered ‘Don’t know’ to our questions was surprisingly high,” the survey authors wrote.
At Capitol Technology University, one of the top cybersecurity schools in Maryland, faculty members agree that awareness is key. “That’s true across the board, not just in relation to governments but also to any organization that has a computer network,” says Dr. William Butler, chair of the cybersecurity program. “Cyber adversaries have proven to be very adept at exploiting the ‘blind spots’ at companies and organizations that have not educated themselves sufficiently about the types of threats that exist.”
“That includes the threat posed by unaware employees falling victim to social engineering,” he said.
To successfully meet the cybersecurity challenge, states and local governments will need more than a set of policies and procedures, no matter how robust these may look on paper, Butler cautions. They also need qualified personnel.
And that means taking steps to increase the number of people who enter the cybersecurity field and gain professional skills and credentials.
“In order to attract young cybersecurity talent, states and municipalities need to offer paid internships and programs similar to the National Science Foundation’s Scholarship for Service program,” Butler said.
Is the needle moving on cybersecurity awareness? Butler is cautiously optimistic. “Certainly the average computer user is more vigilant than might have been the case ten years ago,” he said. “But we still have a long way to go. And cybercriminals, who are active 24/7 around the globe, continue to be a step ahead.”
Want to be a trusted cybersecurity professional who can help your local municipality or state government boost its cyber defenses? Capitol Technology University, a DHS and NSA-designated Center for Academic Excellence, offers degree programs at the undergraduate, master’s, and doctoral levels, as well as a wide variety of specialized certificates. Contact firstname.lastname@example.org to find out more!