As policies and funding align to strengthen government defenses, agencies must ensure they are continuing to be proactive and collaborative in the cyber field.
Federal, state and local agencies are experiencing major opportunities to improve cybersecurity. For example, the Cyber Incident Reporting for Critical Infrastructure Act was passed in March 2022 to create a mandatory pathway for communicating critical infrastructure cyber incidents to the federal government. State and local governments may also be able to tap into a $1 billion worth of federal cybersecurity grants as early as this summer.
At GovLoop’s online training Thursday, government experts spoke about what agencies are focused on in this phase of bolstering their cybersecurity: execution and collaboration.
- Bill Zielinski, Chief Information Officer (CIO), city of Dallas
- Steven McAndrews, Deputy Associate Administrator for Information Management and CIO, National Nuclear Security Administration (NNSA)
- Holly Davis, Founder, Komplement
In the next year, the “executability” of cybersecurity is critical.
“That is one of the buzzwords we’re using,” McAndrews said. “We have the mandates, writs of action, funding – now we just need to go do.”
Executing and resourcing cyber strategies is especially critical at the local level, where threats and attacks are on the rise. The federal intelligence that the city of Dallas receives from the Cybersecurity and Infrastructure Security Agency (CISA) has been invaluable for proactive defense. The city just needs to make sure it follows through and takes action based on the intel from its partners and the federal government, Zielinski said.
To strengthen state and local cybersecurity, there are more funds available than before. “I expect everybody on the giddy-up,” said Davis at Komplement, a firm that helps state and local agencies apply for technology grants. She said the federal government is “dangling carrots” to make it happen.
“There’s so much money infusing into government to elevate everyone’s cyber solutions and to make sure we protect the world we live in,” Davis said.
Even with rigorous federal cybersecurity, without a consistent security discipline at the state and local levels too, government faces gaps in the attack surface.
“The size of the risk is not proportional to the size of the budget,” Zielinski said. “For a long time, smaller agencies, micro-agencies in the federal government, state and local entities that are smaller – they have struggled with being able to budget appropriately to address the threats they face.”
The collective cybersecurity community needs to find a way for all entities, regardless of their size, to support the defenses they need, Zielinski said.
“Again, we as a community are only as strong as our weakest link,” Zielinski added.
This online training was brought to you by: