Cracking Down on Cybersecurity at the State Level

“The cybersecurity space is incredibly dynamic, with the threat and vulnerability environment changing almost daily, so these (state) leaders are constantly weighing the law of unintended consequences as they address public safety on one hand and over-regulation of business on the other,” wrote Mark Weatherford — former state CISO for both Colorado and California, and the federal Department of Homeland Security’s first deputy undersecretary for cybersecurity. He documented the challenges state leaders face with newfound advanced, damaging cyber attacks in “What State Leaders Need to Know About Cybersecurity.”

THE CURRENT LANDSCAPE

Over the past year and a half, companies all over the world have had to adjust to the work-from-home mandate and new hybrid working environment while ensuring cybersecurity protection of both the organization’s endpoints and their employees..  Local governments have had to adapt to the necessary new regulations for cybersecurity as well.

While headline-grabbing attacks like Colonial Pipeline and SolarWinds grab headlines, state and local governments, as well as municipalities and public education facilities have long been the target of debilitating ransomware attacks.

It’s clear that local governments need to take drastic action to improve cybersecurity, but where should they start?

State CISOs, governors and other elected officials have signed orders, put together task forces and advised people on the possible ramifications from cyber attacks all in an attempt to better regulate and inform the public yet cyber threats are still as prevalent as ever.

Steve Harpe, Oklahoma State COO , said the state fends off more than 36 million cyber attacks a day.

“When building a business-first state, trying to be more open to business, it drives the perception that ‘you’re not really caring about security.’ That’s absolutely not true,” Harpe said. “The last year and a half brought a lot of learning for us to run state government better but also how to deal with things in a crisis.”

In an effort to limit the damage of cyber attacks, the New York State Public Service Commission (PSC) has taken preventative measures and granted the state’s largest electric and gas utilities permission to take care of utilities in the United States or Canada in the event of a cyberattack. This initiative is part of the Cyber Mutual Assistance (CMA) program that provides mutual aid in preparation of, during, or following a cyber incident.

“New York is a hub for significant financial, governmental, manufacturing, and transportation infrastructure that has higher than normal risk of cyberattack for either criminal or geopolitical reasons,” said PSC Chair John B. Howard. “Our utilities’ participation in this type of mutual assistance program is both appropriate and timely in light of the increased recent cyberattacks on critical infrastructure. Being able to recover and return to normal operations as quickly as possible is critical, thus pre-approval of transfers of utility property and equipment under the CMA program is in the public interest.”

In nearby Connecticut, Governor Ned Lamont signed a bill intended to encourage businesses in the state to step up their cybersecurity, according to GCN. “An Act Incentivizing the Adoption of Cybersecurity Standards for Businesses” will take effect October 1, and will protect businesses from damages resulting from a breach of personal data if they have adopted and adhere to industry-standard cybersecurity measures. These organizations will only be covered if they are aligned with the current version of any recognized security framework, GCN reported.

CONNECT WITH LOCAL LEADERS

Local cyber executives will discuss these topics at the New England Virtual Cybersecurity Summit on  August 18. Following this on August 19 in Hartford, Connecticut many of them will continue the conversation in person at the New England Cybersecurity Community Rooftop Reception, which starts at 4pm.

Leave a Reply

Your email address will not be published. Required fields are marked *

Recent news posts

This is a sample blog post title.
Featured Image

State, Local, Federal Cybersecurity Executives Confer On 2022 Threats, Attack Landscape

This is a sample blog post title.
Featured Image

Your Weekly DHS/CISA Threat Assessment (September 14)

This is a sample blog post title.
Featured Image

Assistant to the Special Agent in Charge at USSS-DHS Leads Keynote Presentation in Philadelphia

This is a sample blog post title.
Featured Image

CISA Insights: Risk Considerations for Managed Service Provider Customers

This is a sample blog post title.
Featured Image

Your Weekly DHS/CISA Threat Assessment (September 3)

Attend an Event!

Connect and collaborate with fellow security innovators at our Virtual Cybersecurity Summits.

Register Today