The COVID-19 pandemic has accelerated state efforts to secure their IT systems and underscored the role of state and local governments as laboratories for cybersecurity efforts – as well as the need for more federal support and private-sector collaboration, according to participants in a webinar.
“States are going to be asked to think through these issues in ways that were never expected before,” said Cyberspace Solarium Commission member Samantha Ravich, who chairs the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies.
BSA-The Software Alliance on Thursday hosted a webinar, “Modernizing Government IT: Citizen Services, Security Risks, and Federal-State Collaboration,” with Ravich, Georgia state CIO Calvin Rhodes and Ohio CIO Ervan Rodgers. The event was moderated by Ha McNeill of Software.org: The BSA Foundation.
Ravich noted cutting-edge efforts by officials in Georgia and Ohio, as well as Colorado’s efforts “linking” tech to homeland security initiatives, North Dakota’s “one-domain-everywhere” initiative and moves by Arizona officials to collaborate more tightly with critical-infrastructure operators. On another recent webinar, she discussed related “continuity of economy” issues highlighted by the Solarium report.
She said the Solarium Commission in a recent annex to its March report urged lawmakers to include IT modernization funding for states in a new COVID-19 relief package. The annex calls for initial grants “steered toward incentivizing or subsidizing the cost to SLTT governments associated with migrating to cloud infrastructure.”
The grants would be distributed to state governments and apportioned based on population. A second round of grants would be based on “a competitive application process.”
Further, the Solarium Commission proposes directing “the Department of Homeland Security and the Department of Commerce, in consultation with industry, to identify an existing security standard or set of standards against which the security of cloud services can be measured and which may have to be met to demonstrate eligibility for the grant program.”
Ravich said Thursday that the annex “highlighted 32 recommendations” in the March report and “tweaked some,” including the cloud security language related to state grants. The annex also called for passing an Internet of Things security law and taking steps to combat disinformation.
She also noted a need “to be more strategic about helping secure home networks,” saying “maybe a kind of ‘Geek Squad’ is needed.”
Ohio’s Rodgers cited “a tremendous amount of innovation” among state tech officials, vendors and other stakeholders amid COVID-19, saying they’ve “taken collaboration to the next level” and along the way have ensured “appropriate cybersecurity checks and balances are in place.”
A “Cyber Ohio” initiative was launched when Gov. Mike DeWine was serving as state attorney general, Rodgers said, and has emphasized getting tools into the hands of small and mid-sized businesses.
An “Innovate Ohio” initiative has been a platform for sharing information across state agencies on best practices and tech developments, Rodgers said. Projects that would’ve taken weeks or months are being accomplished in days, he said.
Rhodes, the Georgia IT official, pointed to “strategic leadership, a willingness to change the business model and partnerships with business” as key ingredients to his state’s approach, as well as taking steps to ensure a “long-term commitment” was in place.
Reaching out to private-sector partners for help was key in responding to “sky-rocketing demand from citizens” for information and tools related to the pandemic, Rhodes said. Partnerships and continually improving the information available on the threatscape are essential for state officials, he said.
“It’s critical that we continue to work to make [threat information] more timely,” Rhodes said. “Information sharing is critical in this.”
– Charlie Mitchell (email@example.com)