State and local officials first came together through emergency response teams, including an IT strike team, that tackled hurricane challenges. That IT strike team broadened its mission to serve the state cybersecurity coordination plans.
“We leveraged a relationship that was already there,” Thompson affirmed.
MORE FROM STATETECH: Explore how Michigan's state government boosts local cybersecurity with CISO as a Service.
National Guidance Provided North Carolina with Goals
In January, NGA and NASCIO teamed up to produce a guide, “Stronger Together: State and Local Cybersecurity Collaboration.” As part of Monday’s panel, NGA Program Director Maggie Brunner and NASCIO Director of Policy and Research Meredith Ward highlighted three recommended actions listed in the guide:
- At a minimum, states should build relationships with local governments.
- States should raise awareness of existing services offered to local governments.
- States should explore cost savings that can be achieved by including local governments in service contracts.
To make the guidance effective, Thompson called for a “whole of state” approach to cybersecurity.
“You can no longer work in your own silos of excellence. You have to work together,” Thompson said. And state and local officials must discuss cybersecurity with all of their partners, not just those whose title indicates IT or security responsibilities.
“For those who think it’s not your swim lane, it is. You have to adopt a whole of state approach to cyber,” she added.
As a key part of relationship building, Cress advocated for IT managers to share what they are doing in response to an incident, and why. Too often, Cress said, IT workers operate with a great deal of secrecy, out of fear of reprisal or discomfort after suffering an attack. But reporting openly is the right thing to do.
“Sometimes it comes across as an embarrassment,” so officials are reluctant to report incidents, he said. “You’re just an IP address; it could happen to anybody.”
