IT officials at a recent conference said efforts to protect their infrastructure are hampered by a lack of resources and a lack of understanding from those who make funding decisions.
Many state and local networks and IT systems are unprepared for cyberattacks, as the CIOs overseeing them struggle to make do with strained budgets and static or shrinking staffs.
The results of a recent survey by Consero of chief information officers of states, counties, cities and towns are hardly surprising, but hardly comforting, either.
“I wasn’t shocked by anything, but I was disturbed by the cybersecurity numbers,” said Paul Mandell, CEO of the company, which took the survey for public IT officials in February. “The numbers were troubling.”
The survey contains results from only 36 officials, and Mandell acknowledges that they are anecdotal rather than statistically significant. But the respondents represent a small cross section of state and local government, with CIOs from states including Oklahoma and Idaho; counties from Riverside Co., Calif., to Prince William, Va.; cities from San Diego to Rochester, N.Y.; and agencies from the Wyoming DOT to the Fire Department of New York.
“There was a quite a bit of frustration and concern about the need to do what had to be done and the inability to get the resources they need,” Mandell said of the gathering.
That frustration is reflected in the CIO’s strategic planning goals. Fifty-five percent of respondents said their greatest impediment to doing their jobs is a lack of financial resources, and the top priority for 41 percent was simply working within budgetary constraints.
As a result of these pressures, 44 percent said that their IT infrastructure is not adequately prepared for cyberattacks, and 28 percent said they had experienced a security breach in the last 12 months. It is tempting to say that the 56 percent who feel they are adequately protected and the 72 percent who have not been attacked are being overly optimistic. With no uniform requirements for state and local government to report breaches, it is impossible to say what the actual level of malicious activity in their systems is.
The officials at the Consero conference were looking for more than a sympathetic ear to share troubles, Mandell said. They were looking for strategies to improve their lot. “The focus was on communication,” he said; “bridging the gap between their needs and the level of knowledge in those making budgetary decisions.”
Bridging that gap is not easy. The politicians who hold the purse strings do not want to be lectured by techies about routing tables and deep packet inspection. It turns out that those CIOs who are best at advocating for their budgets are not necessarily those who are best versed in the bits and bytes of their systems, but those with experience in the business world who use their well-learned politesse in dealing with the establishment.
One bright spot in the survey is that the lines of communication are open. State and local CIOs report to a variety of officials, including chief financial officers, boards of commissioners and city managers, but 86 percent of them felt that they had sufficient access to executive leadership.
That’s a start.