Why Cybersecurity Is Unique for State and Local Governments

While the federal government helps lead the charge on National Cyber Security Awareness Month, state and local government agencies play an important role in protecting residents' data.

Cybersecurity is never far from the headlines, whether that’s in data breaches like the one that Equifax suffered or ransomware attacks that hold files hostage. It can all seem a bit overwhelming, but there are plenty of tools and resources businesses can tap to enhance their cybersecurity defenses.

This month, expect to hear a lot about them. The Department of Homeland Security and the National Cyber Security Alliance (NCSA), a public-private partnership, have for the past 14 years been using October to annually mark National Cyber Security Awareness Month (CSAM). The month’s core message, according to the alliance, is that “the internet is a shared resource and securing it is our shared global responsibility.”

For businesses in particular, the NCSA says that the top threats they face include ransomware attacks, Internet of Things (IoT) vulnerabilities and insider attacks. In addition to defending against those dangers, businesses must confront emerging ones, including from artificial intelligence and the growing interdependence between different kinds of data, according to Michael Kaiser, NCSA’s executive director.

Explore Multiple Facets of Cybersecurity

The month is broken down into weeks, each with its own theme that DHS, the NCSA and its partners will highlight with events and advice. Here is a quick breakdown:

  • Week 1: Oct. 2-6 — Simple Steps to Online Safety 
    This week will highlight how businesses and citizens can take simple steps to improve cybersecurity. The alliance will promote its “Stop. Think. Connect.” campaign to encourage users to stop and make sure security measures are in place, think about the consequences of their actions and behaviors online, and still connect with and enjoy the internet. The week will spotlight the top cybersecurity concerns for consumers, provide simple steps to protect against these concerns and explain how consumers can respond if they fall victim to a cybercrime.
  • Week 2: Oct. 9-13 — Cybersecurity in the Workplace Is Everyone’s Business 
    This week will focus on why every organization, large or small, needs a plan for employee education, training and awareness that emphasizes risk management, resistance and resilience. The week will showcase how businesses can protect themselves, their employees and customers against common cybersecurity threats. It will also promote resources that can help organizations strengthen their IT security resilience, such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework.
  • Week 3: Oct. 16-20 — Today’s Predictions for Tomorrow’s Internet 
    The third week of the month will explore how the Internet of Things presents both new opportunities and new threats. Personal data is the fuel that makes smart devices work, the alliance notes, and it is critical to understand how to use cutting-edge technology in safe and secure ways.
  • Week 4: Oct. 23-27 — The Internet Wants You: Consider a Career in Cybersecurity 
    According to a study released earlier this year by the Center for Cyber Safety and Education, by 2022, there will be a shortage of 1.8 million information security workers. The alliance will use this week to encourage students and professionals to explore cybersecurity as a viable and rewarding profession.
  • Week 5: Oct. 30-31 — Protecting Critical Infrastructure from Cyber Threats 
    The last few days of the month will focus on how to build resilience into critical infrastructure, including electric grids, utilities, financial systems and transportation networks. The theme of this week transitions into Critical Infrastructure Security and Resilience Month in November, highlighting the tie between cybersecurity and the country’s critical infrastructure.

Decentralized Networks Create Cybersecurity Risks 

State and local government agencies need to keep their IT systems secure but often do not have the budgets needed to do so, Kaiser says. “That’s probably the biggest issue, making sure that when government is digitized that it comes with the assets to maintain that security over a long period of time,” he says.

Meanwhile, Kaiser notes, state and local governments often have more data on citizens than the federal government, in terms of tax data, information on school enrollment, licenses and so forth. That data is incredibly valuable to hackers and malicious actors. “Recognizing that need to protect your citizens’ data is really important,” he says.

State and local networks are often far more decentralized. “The decentralized nature of a lot of these networks provides a lot of risk,” Kaiser says. “That said, there is also a high level of interconnectivity between these municipal and state networks.”

That back and forth between state and local networks presents many opportunities for cybercriminals to gain access to that data, he notes.

traffic_analyzer/Getty Images
Oct 03 2017