Cybersecurity has been a challenge for the federal government. There have been serious breaches in multiple government agencies, and Congress has struggled to address cybersecurity on legal terms. Even what it has been able to pass has been wrought with criticism and contention.
But what about states? Are governors and state legislators doing any better about addressing cybersecurity?
According to a new study released by the Pell Center for International Relations and Public Policy at Salve Regina University, the answer is no. States lack strong cybersecurity, leaving them vulnerable to attacks and unable to address potential threats. The report explained:
[I]t is critical to understand that the individual states of the United States, like national governments, have a responsibility to secure their critical infrastructure—including electric power grids, air traffic control systems, financial systems, and communication networks—as well as the data that has been entrusted to them by their citizens. At a minimum, states must ensure that their citizens can rely on safe and secure Internet connectivity.https://o1.qnsr.com/log/p.gif?;n=203;c=204663295;s=11915;x=7936;f=201904081034270;u=j;z=TIMESTAMP;a=20410779;e=i
But rather than step up on security efforts, Pell Center Executive Director Jim Ludes said in a prepared statement that state governments are falling victim to an array of cyber threats, including data breaches, tax fraud and political hacktivism.
The lack of cybersecurity appears to trickle down, from federal government to state governments to local governments.
This poor public sector security may be linked to the lack of a cybersecurity-skilled workforce pool. Public sector salaries, especially in state and local governments, can’t compete with private industry. And even in private industry, there is a serious shortage of security workers. A new study by SANS Institute found that while the need for employees with strong cybersecurity skills has doubled since 2014, the majority of companies still lack security professionals available to detect and prevent threats. If these employees aren’t available to industry, they certainly aren’t going to be available for public jobs – and this shortage is happening just when we need these employees the most, as Francesca Spidalieri, senior fellow for cyber leadership and author of the Pell Center report, said in a statement:
Local and state governments, just like the federal government, hold the information of millions of people and depend on information communication technologies and the Internet to provide a number of services to their citizens, to maintain critical infrastructure as public utilities, to share information across states and federal networks, and to make sure that first responders receive the data they need in crisis situations. This is why it is critical that states protect their cyber infrastructure and digital investments and develop comprehensive plans to increase their preparedness and resilience.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba