When discussing cybersecurity, specifically securing IT systems, it’s not revolutionary to point out that states and localities struggle to keep up with the ever-increasing demands placed on them. It’s widely regarded that states and local governments lack the necessary budget and ability to secure the talented professionals needed to thwart these threats. Year after year, the National Association of Chief Information Security Officers, a group representing the chief technologists in each state, ranks cybersecurity as its number one priority overall, sighting budget and staffing issues as the main reason for concern. We have recently seen an increased focus on cybersecurity at the state and local level as it has become clear that states and localities are more vulnerable than ever.
In addition, the amount of personally identifiable information – information that can be used to recognize or trace someone’s identity - held by states actually dwarfs that of the federal government. This begs the question: What should be the federal government’s role in helping states and localities provide a more secure environment?
An answer to that very questions seems to have arrived in the form of H.R. 1344, the State Cyber Resiliency Act. This bill would leverage the State Cyber Resiliency Grant program through the Federal Emergency Management Agency to assist state, local and tribal governments by allowing them to more effectively prevent, prepare for, and respond to cybersecurity threats. H.R. 1344 would increase state and local cybersecurity posture by making each state eligible to apply for cybersecurity grants after they submit and receive approval of a cyber-resiliency plan.
This legislation would help shore up many of the gaps currently seen at the state and local level where inadequate cybersecurity funding has become a major issue as increasingly sophisticated threats are encountered. States currently have access to federal funding through the Homeland Security Grant Program, but they are rarely distributed for cybersecurity purposes. The program was initially created to support anti-terrorism and police training and funding has historically been focused on emergency preparedness and first responders. The State Cyber Resiliency Act offers an opportunity to provide much-needed aid to our most vulnerable IT systems across the country and allows those managing these systems to further expand upon existing public-private partnerships. Leveraging the expertise within the private sector will help curb the cybersecurity talent gap and therefore improve cybersecurity programs nationwide.
While the most difficult part of any piece of legislation is establishing and providing funding, we know that the cost of forgoing cybersecurity prevention is astronomically higher, particularly in the public sector, as opposed to providing up-front funding to establish sound policy and security practices. ITAPS supports the federal government in helping to protect what are currently highly vulnerable state and local IT systems.