Over a recent six-month period, North Dakota’s IT systems and networks experienced 34 million vulnerability attacks directed at software, 3.3 million denial of service attacks and 88 million spam or phishing emails.
All of those attacks were repelled, according to local TV station KFRY-TV, but the state’s cybersecurity efforts are coming under strain due to budget cuts.
North Dakota Information Technology Department (ITD) CIO Shawn Riley in September told a bipartisan group of state lawmakers that his agency will ask for more than $11 million in software upgrades and 37 additional cybersecurity experts in the next two-year budget, according to the Associated Press.
The state employs only 11 cybersecurity experts now, Riley said, according to the AP. The additional personnel are needed to counter a threat landscape that is growing increasingly complex. “We have a huge challenge in front of us,” Riley told lawmakers.
North Dakota Faces Cyberchallenges and Budget Cuts
North Dakota’s cybersecurity defenses are rated as average. An internal review revealed that on a scale of 0 to 5, the state’s security ranks a very average 1.2. “1.2 out of 5 is not where we want to be, but it’s not like we’re undefended. We’re very, very defended, but do we need to be vastly better at our process? Absolutely,” Riley said, according to KFRY-TV.
Enhancing cybersecurity defenses will require an investment of about $20 million, according to Riley, but the state IT agency is already facing an $18 million funding cut to meet Gov. Doug Burgum’s budget recommendations. Riley estimated the cost of additional cybersecurity experts would be about $12 million in salary and benefits annually, according to the AP.
StateScoop adds: “ITD itself already has plans to cut $77 million of its existing $245 million budget, a 31 percent reduction that will result in a loss of 17 of the agency’s 344 employees.”
“If we absorb an $18 million cut, can we do our job? We can absolutely do our job,” Riley said, according to KFRY-TV. “Do we have to prioritize differently? We certainly do. Do we have to take on projects differently? We certainly do.”
ITD has turned to public-private partnerships to help fill positions. In July, the state announced a partnership between Palo Alto Networks and higher education institutions in the state to expand cybereducation at all levels.
Democratic State Sen. Larry Robinson, of Valley City, N.D., said he thinks the state legislature should fulfill Riley’s request when it reconvenes in January. “I think we need to step up to the plate here,” Robinson said, according to the AP. “It’s wrong if we ignore it.”
“If we're going to step to the plate and address the cybersecurity issue, it’s going to come with a price tag,” he added, KFRY-TV reports. Riley said ITD will push for additional legislation to help the cybersecurity education program and increase cyberdefense resources, the station notes.