NASCIO 2019: Wisconsin Fosters Volunteer Cybersecurity Response Team

Local experts forged a 60-member group to act in the case of incidents throughout the state.

Not long ago, a community in Wisconsin suffered a ransomware incident. The attack locked its network and also took out the community’s backup server. 

The local security expert was on vacation, but a volunteer from another Wisconsin community responded. He jumped into his car and drove 3.5 hours to the target community and helped restore the infected server.

Speaking Tuesday at the annual conference of the National Association of State Chief Information Officers in Nashville, Tenn., Wisconsin CISO Bill Nash shared the anecdote to underscore the effectiveness of the state’s 60-member volunteer cybersecurity response team. The state built the team over three years, offering cybersecurity training to local IT officials who then volunteer to assist when another community is hit with an attack.

“We said, ‘If you have some IT people in your local government that would like some cyber training, we have grant funding to train them. All we ask in return is that you volunteer when other local governments have incidents,” Nash said.

Why do the volunteers assist if the state doesn’t pay them? “They enjoy it. They enjoy the challenge and they bring back lessons learned to their community,” Nash said.

JOIN THE CONVERSATION: Follow @StateTech on Twitter for continued NASCIO 2019 conference coverage. 

The team meets regularly via teleconference with all 60 volunteers participating. During one call, a volunteer reported a phishing attempt on his network; other volunteers on the conference call checked and discovered the same virus in their own networks.

“When it comes to local government relationships with the state, cybersecurity is bringing us together,” said Alan Shark, executive director of the Public Technology Institute, who moderated the discussion. Sixty-eight percent of state governments are providing IT services to local government, according to PTI, said Shark.

State Recruited Volunteers After Updating Emergency Management Plan

About seven or eight years ago, Wisconsin updated the Wisconsin Emergency Management Plan, adding a cybersecurity portion to it, Nash recalled.

“We recognized, in addition to the state agencies, we have these applications that are used by the local governments, and they are interfacing with our networks in a number of different ways,” Nash said, noting that “cyberattacks are borderless.”

This led to the idea of using grant funding to train cybersecurity volunteers from local communities. The volunteers do not try to replace private sector expertise, but they strive to “stop the bleeding” and begin recovery after an attack, Nash said.

The volunteers occasionally receive assistance from the Wisconsin National Guard’s Cyber Protection Team, but the Guard only deploys in the event of a big emergency, Nash said. The National Guard also is a valuable training resource, and Wisconsin’s National Guard participated in an exercise called Cyber Shield in 2017. 

BECOME AN INSIDER: Gain exclusive video coverage of the NASCIO 2019 when you subscribe to StateTech.

Wisconsin Assesses Next Steps for Strengthening Team

The Wisconsin volunteer team operates without any sort of executive order or legislative mandate, but the state CIO’s office is assessing whether such measures would strengthen the effort.

For example, Wisconsin is examining laws in Michigan to see if any statutes might assist Wisconsin authorities in the event of a cybersecurity incident. 

Wisconsin CIO David Cagigal said a true test of state and local collaboration on effective cybersecurity would come during the election cycle in 2020. The 2018 midterm election was a dress rehearsal for next year’s presidential election, Cagigal said.

“We can be confident that no one is going to touch our voter database,” he added.

Check out more articles and videos from StateTech’s coverage of NASCIO 2019 conference here.

Getty Images / csfotoimages
Oct 15 2019

Sponsors