This article is an excerpt from GovLoop’s recent report titled “Your Guide to Key Advancements in Government Cybersecurity.” Download the full report here.
A cyberthreat against one is a cyberthreat against all, especially for state and local governments. They are increasingly uniting against their common enemies to boost their mutual cybersecurity postures. And the foes are many: hackers, ransomware, viruses and more.
A ransomware attack struck the Atlanta city government’s computer services in March 2018, disrupting programs that residents use to pay their bills or request new water services online. Wired reported in April 2018 that Atlanta spent more than $2.6 million addressing the debilitating incident.
Local governments are no safer than their statewide counterparts, a December 2017 ransomware attack on Mecklenburg County, North Carolina shows. The disruption interrupted county services for roughly a month, with residents unable to pay property taxes, register deeds and more.
State and local governments are increasingly entering into cybersecurity partnerships that transcend physical boundaries. These alliances foster better information sharing, improved cooperation on cybersecurity challenges and increased dialogue about best practices.
The Center for Internet Security (CIS), a nonprofit organization aimed at helping “safeguard private and public organizations against cyberthreats” worldwide, is helping lead that charge. CIS’ MS-ISAC offers one example of how states can overcome cybersecurity challenges by working together.
“The mission of the MS-ISAC is to improve the overall cybersecurity posture of state, local, territory and tribal governments,” according to the group’s website. “Collaboration and information sharing among members, the U.S. Department of Homeland Security (DHS) and private sector partners are the keys to success.”
A September 2016 Deloitte/NASCIO survey found that 96 percent of state enterprise-level CIOs and state business officials said they are collaborating with MS-ISAC. Ninety-two percent said the same of local government entities and DHS fusion centers.
America’s cyber health improves when state and local governments team up, with the various parts strengthening defense of the whole.
Governors Unite on Compact to Improve State Cybersecurity
Cybersecurity threats prompted 38 governors to sign a compact in 2017 aimed at improving their states’ cyber defenses.
A Compact to Improve State Cybersecurity pledges to improve states’ cybersecurity governance, prepare and defend them from cyberattacks, and grow the U.S. cybersecurity workforce.
“Cyberthreats pose serious risks to the core interests of all states and territories,” it reads. “Recent cyber intrusions have stolen volumes of confidential data, exposed critical services to disruption and resulted in significant economic impacts to states.”
“States are attractive targets because they collect and store massive amounts of personal and financial data,” the compact adds. “In short, cybersecurity is a whole-of-state affair that requires high-level executive engagement.”
Cambray Crozier, Communications Director for Minnesota’s CIO, said Gov. Mark Dayton’s decision to join the compact last year has helped strengthen interstate and national cybersecurity.
“One great thing about this compact is it is a commitment of governments across the nation,” she said. “It helps us work together across local governments, state governments and the federal government.”
“This gives us the opportunity to share information with other governors and learn lessons from one another,” Crozier added. “This really delivers value not just for Minnesota but all states.”
Crozier said Minnesota faces more than 3 million cyberattacks daily, potentially endangering the state’s 35,000 government employees and 5.5 million residents. The compact addresses such challenges by tasking the states involved with “creating and exercising cybersecurity disruption response plans that emphasize a whole-of-state approach.”
Ryan Aniol, Minnesota’s Deputy CISO, said the pact has helped the state communicate more effectively with partners about cybersecurity challenges.
“If another state is in a cyberattack, being able to diverge that to your partners is critical,” he said. “It’s really understanding what the threats are today, how they impact us and where are they going.”
“Being able to share that with other states helps improve the cybersecurity posture of the country,” Aniol continued. “It’s being ahead of the curve.”
The compact also commits signers to “growing the nation’s cybersecurity workforce,” a pledge Crozier said Minnesota is enthusiastically keeping.
“Minnesota, like many states, has both a challenge and an opportunity related to the IT and cybersecurity workforces in our state,” she said. “[We’re] looking for ways we can grow the talented total workers in our population.”
“That’s not something we do alone,” Crozier added. “We do it side-by-side with private companies, our universities and even focusing on STEM (science, technology, engineering and mathematics) in our education system.”
Minnesota contributes to America’s cybersecurity workforce by recruiting graduates of the National Science Foundation’s CyberCorps Scholarship for Service program, which “provides scholarships to students for cybersecurity-related degree programs at select two-and four-year colleges and universities in return for service in Federal, State, local or tribal governments upon graduation,” according to the initiative’s website.
Aniol said the program has helped Minnesota by helping prepare the state’s next generation of cybersecurity defenders.
“It helps us bring in the door a really talented workforce,” he said. “It’s a really great win-win for everybody involved.”