Structured partnerships and effective collaboration are key to effective cybersecurity, state IT execs say.
Structured partnerships and effective collaboration are key to effective cybersecurity, according to state CIOs who spoke at the Nov. 16 Route Fifty Tech Summit.
Cybersecurity is one of the biggest challenges states face, they said. With the escalation of ransomware threats, panelists stressed the need for collaboration across state and local government when tackling such critical matters.
“To me, so much of what we do in these roles – it’s about communication, translation and [building] relationships,” Texas CIO Amanda Crawford said. “In technology, the burden is on us as leaders to be able to translate the solutions, translate the services to match the business needs.”
Crawford, who is also executive director of Texas Department of Information Resources, cited her department’s response to a string of ransomware attacks, including one that hit 23 local governments in 2019. No Texas entity paid the ransom, but other public and private businesses did, she said, highlighting the value of teamwork when responding to a widespread attack.
While the state does not have the authority to pass mandates for local governments, Crawford said practicing collaborative cybersecurity response with local governments can help lay the groundwork for standards and policies. Recent legislation calling for statewide risk and authorization management services and a volunteer incident response team was signed by the governor. The measure allocates funding for multi-factor authentication and endpoint detection and response software at no cost to state agencies, Crawford said.
In the span of a few years, cybersecurity has moved from being largely a technical issue to a “central boardroom discussion,” Pennsylvania Chief Information Security Officer Erik Avakian said.
The commonwealth ensures collaboration with a security governance committee, whose members are drawn from state agencies, Avakian said. This way, departments can get “a seat at the table” in policy matters, and every individual agency’s needs can be understood and addressed by the group, he said.
When it comes to large-scale attacks, Avakian said that his department has positioned itself to work on regional response, drawing on the capabilities of neighboring states. These partnerships can provide broader coverage in the event of a widespread cyber threat, he said.
“I think leveraging our regional capabilities ... is really important because we can look at it from a bigger level,” he said. “So that whatever we’re putting in place, we make sure it’s the right solution to meet everyone’s needs.”
NEXT STORY: 3 pillars of effective digital vaccine passports