Much like the federal government, states are responsible for protecting critical infrastructure including power grids, air traffic control systems and communication networks; along with citizens’ private data. This requires the storage and safe-keeping of massive volumes of data on private citizens, businesses and operations—a target for cybercriminals who have much to gain from its exploitation.
If state government executives learned anything from last spring’s unprecedented breaches on federal agencies including the Office of Personnel Management (OPM) and Internal Revenue Service (IRS), it’s that no network is immune to the threat of cyber attack. Nevertheless, a recent study conducted by Ponemon Institute shows that states continue to fall short in cybersecurity readiness—even as they increasingly rely on technology and data to deliver services, manage infrastructure and public safety, levy taxes, and fund public sector legislative and law enforcement activities.
The truth of the matter is...the maturity of state and local government cybersecurity protocols and technology has not kept up with the growing sophistication and pace of modern cyber attacks. Nor have state budgets.
Another limiting factor for states is lack of access to a skilled cybersecurity workforce pool. Public sector salaries, especially in state and local governments, can’t compete with private industry. And even in private industry, there is a serious shortage of security workers.
Where States Fall Short On Cybersecurity
Deficiencies in cybersecurity budgets, expertise, planning and technology raise concerns about state and local governments' readiness to thwart and mitigate the impacts of a cyber attack. According to the Ponemon report, states trail their federal agency counterparts in a number of areas, including:
Recovery. Only 28% of states and local government respondents stated their recovery processes are high, compared to 55% of federal respondents surveyed.
Attack Prevention. Less than 20% of state and local government respondents surveyed rated their ability to prevent attacks very high compared to 41% of federal respondents.
Attack Detection. Of the respondents surveyed, only 32% of those representing state and local governments rated their ability to detect attacks quickly very high compared to 46% of respondents from the federal government.
Attack Containment. Out of the respondents surveyed, 38% of state and local governments estimated that they were confident in their ability to contain an attack compared to 52% of federal government respondents.
Innovation Is A Silver Lining
Despite what states perceive to be their cybersecurity shortcomings, not all is grim. In the Ponemon research, states report feeling more positive than federal government agencies about their ability to innovate. Perhaps it has something to do with the more flexible and autonomous nature of state and local governments. Whatever the reason, state IT officials would be wise to draw on that innovative spirit to create cybersecurity solutions and protocols that can protect vital IT infrastructure and personal, private citizen data in changing threat landscapes.
Resilient Intelligent Networks is a systems integrator that helps state and local governments plan and execute strategic cybersecurity initiatives to secure vital infrastructure and the protection of private citizens’ data.