Connecting state and local government leaders
The two-year pilot program was announced as state and local governments are still assessing the scope of recent widespread hacks.
State and local governments are poised to get some extra help identifying critical technology systems that could be at risk of cyberattacks, as part of a new federal pilot program.
The Cybersecurity Infrastructure Security Agency will provide $1.2 million to fund the pilot, which will be overseen by the Center for Infrastructure Assurance and Security at the University of Texas at San Antonio. The announcement comes as state and local governments are still working to understand the scope of cyber intrusions and damage caused by the recent SolarWinds and Microsoft Exchange hacks.
The two-year pilot program will help state, local, tribal and territorial governments identify high value assets so local officials can better prioritize improvements to information technology infrastructure. Once local governments take stock of the systems that are critical to their agencies, they will be able to devise better strategies to protect them from hackers, officials said.
“Communities nationwide are becoming increasingly targeted by cyber threats—both domestic and foreign,” said Natalie Sjelin, the associate director of training programs at CIAS. “It’s more important than ever to help jurisdictions identify, categorize and prioritize their high value assets.”
CISA will use the pilot program to develop guidelines, templates and tools that can be used to help jurisdictions across the country better protect their critical IT infrastructure.
While CISA officials said this type of program helps to strengthen cooperation with state and local partners, at least one cybersecurity expert said it doesn’t address the biggest problem for local jurisdictions—a lack of resources.
“The issue for local governments is: Do we have the right people, are they trained, are they certified? In most cases, there is a real gap there,” said Alan Shark, the executive director of the Public Technology Institute.
By focusing on best practices, the CISA program could determine that an agency needs millions of dollars in upgrades, he said. That’s money that many smaller governments do not have.
Shark suggested that a better option would be to invest in a regional approach to cybersecurity that would allow smaller governments to partner with states or within regions to pool resources.
Federal government agencies have taken a number of steps in recent months to bolster federal cybersecurity offerings to state and local governments. Federal agencies will also boost funding for cybersecurity initiatives at the state and local level—the Department of Homeland Security announced last month that it would require that a greater percentage of Federal Emergency Management Agency grants to state and local agencies go toward cybersecurity.
Andrea Noble is a staff correspondent with Route Fifty.