CISA, which is part of the Department of Homeland Security, is in charge of preventing attacks on federal networks and critical infrastructure.
During the pandemic last year, cybersecurity complaints to the US Federal Bureau of Investigation more than tripled, while average ransomware payments increased by 43% in the first quarter of 2021 over the previous quarter. Attacks on the software supply chain are on the rise, and the rising Internet of Things (IoT) and 5G wireless technology provide even more opportunities to exploit weaknesses.
Through law enforcement and intelligence capabilities, governments have a comprehensive view of potential risks, but they tend to see things through the prism of national security rather than economic risk. Companies have access to firm- and sector-specific risk information and frequently have superior access to cybersecurity skills, but they can’t readily take a macroeconomic picture and may be overwhelmed by state-sponsored attackers.
Newly elected state and local governments are now determining objectives for their first 100 days in office. For the next four years, they must prioritise trustworthy computing on their to-do lists. To enable increasing government efficiency and creativity, it is critical that our digital infrastructure not just survives, but thrives.
Critical infrastructure protection, in particular, is abysmal. According to a recent Ponemon Institute survey, 90 percent of respondents in this business had been targeted by cyberattacks in the last two years, with some being targeted twice.
New governors and other senior elected officials should do the following five things:
1) Assign this task to a trusted Chief Information Security Officer (CISO). Each governor should choose a CISO with actual clout, someone who can operate across local, state, and federal borders, modelled after state Homeland Security Advisors/Coordinators.
2) Create a comprehensive cyber security strategy based on the Federal Cybersecurity Initiative (currently mandated for all federal agencies). Within new state and local fusion centres, this concept should cover traditional law enforcement relationships as well as cyber concerns.
3) For all cyber security situations, establish unambiguous command and control. In cyber emergency management scenarios, the National Incident Management System should be followed. In cross-border emergencies, local, state, and federal operations must be coordinated and intensified as needed.
4) Enable more secure online transactions. Build the framework for digital identity management to accelerate innovation. Review the “National Strategy for Trusted Identities in Cyberspace” to get started. Collaborate on federated digital identification efforts with organisations like the National Association of State CIOs and the National Governors Association.
5) When establishing cyber security solutions, consider “people, process, and technology.” The majority of cyber solutions necessitate a shift in culture. Within government and for kids, parents, educators, and other segments of society, a thorough training program is required. When it comes to Internet safety, elected officials have the chance to lead by example.
Finally, when it comes to cyber risk, you should never delegate responsibility. Getting private-sector support makes sensible, but when commercial activities are unavailable, the government must always respond to the public. As a result, it all starts with prioritizing cyber security. Building online trust reduces risk while also allowing for innovation.