CyberEye

By Patrick Marshall

Blog archive
Many state and local government networks are unprepared for cyberattacks

Many state and local networks unprepared for cyberattacks

Many state and local networks and IT systems are unprepared for cyberattacks, as the CIOs overseeing them struggle to make do with strained budgets and static or shrinking staffs.

The results of a recent survey by Consero of chief information officers of states, counties, cities and towns are hardly surprising, but hardly comforting, either.

“I wasn’t shocked by anything, but I was disturbed by the cybersecurity numbers,” said Paul Mandell, CEO of the company, which took the survey for public IT officials in February. “The numbers were troubling.”

The survey contains results from only 36 officials, and Mandell acknowledges that they are anecdotal rather than statistically significant. But the respondents represent a small cross section of state and local government, with CIOs from states including Oklahoma and Idaho; counties from Riverside Co., Calif., to Prince William, Va.; cities from San Diego to Rochester, N.Y.; and agencies from the Wyoming DOT to the Fire Department of New York.

“There was a quite a bit of frustration and concern about the need to do what had to be done and the inability to get the resources they need,” Mandell said of the gathering.

That frustration is reflected in the CIO’s strategic planning goals. Fifty-five percent of respondents said their greatest impediment to doing their jobs is a lack of financial resources, and the top priority for 41 percent was simply working within budgetary constraints.

As a result of these pressures, 44 percent said that their IT infrastructure is not adequately prepared for cyberattacks, and 28 percent said they had experienced a security breach in the last 12 months. It is tempting to say that the 56 percent who feel they are adequately protected and the 72 percent who have not been attacked are being overly optimistic. With no uniform requirements for state and local government to report breaches, it is impossible to say what the actual level of malicious activity in their systems is.

The officials at the Consero conference were looking for more than a sympathetic ear to share troubles, Mandell said. They were looking for strategies to improve their lot. “The focus was on communication,” he said; “bridging the gap between their needs and the level of knowledge in those making budgetary decisions.”

Bridging that gap is not easy. The politicians who hold the purse strings do not want to be lectured by techies about routing tables and deep packet inspection. It turns out that those CIOs who are best at advocating for their budgets are not necessarily those who are best versed in the bits and bytes of their systems, but those with experience in the business world who use their well-learned politesse in dealing with the establishment.

One bright spot in the survey is that the lines of communication are open. State and local CIOs report to a variety of officials, including chief financial officers, boards of commissioners and city managers, but 86 percent of them felt that they had sufficient access to executive leadership.

That’s a start.

Posted by William Jackson on May 15, 2013 at 9:39 AM


Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.