State, universities team up for local gov cyber assessments
The Indiana Office of Technology joined with Indiana University and Purdue University on a four-year effort to help ensure local governments have adequate defenses.
Local governments in Indiana will soon be able to draw on university expertise to improve their cybersecurity.
Since its founding in 1986, the Technical Assistance Program (TAP) at Purdue University has offered professional education and services to businesses and government. In the last decade, its cyberTAP arm has also provided cybersecurity assessments.
Now, cyberTAP will partner with the Indiana Office of Technology (IOT) and Indiana University’s Center for Applied Cybersecurity Research (CACR), to assess the cybersecurity posture of local governments and help them map out how they can further secure their environments.
The four-year partnership hopes to produce assessments of around 100 local governments per year, according to TAP Executive Director Mat Trampski.
As local governments have digitized property, tax and other records, they’ve increased their attack surface and must likewise boost their defenses.
“What we want to do is make sure that government can continue to function and won't be as susceptible,” Trampski said. “We'll never stop all the cyber and information security threats,” he said, but added that continuity of operations is critical because local agencies touch every citizen.
The assessments for participating local governments will be based on existing cybersecurity frameworks from the likes of the National Institute of Standards and Technology, the National Science Foundation’s Cybersecurity of Excellence and the Center for Internet Security. A joint team of 10 from cyberTAP and CACR will lead the assessments, with students from both institutions also having the opportunity to assist.
The assessments aim to inform local governments of their cybersecurity preparedness, help them clarify priorities and improve Indiana’s overall cybersecurity posture.
“Local governments collaborate with the state in various ways, and the computer systems are intertwined. A vulnerability on either side leaves the other at risk,” IOT CIO Tracy Barnes said. “We have invested heavily in protecting state systems, and now this is an opportunity for local government to see definitive steps toward improvement for its systems.”
Trampski said with local governments increasingly at risk of cyberattacks from hackers that see them as “low hanging fruit,” protecting them helps protect other government entities.
“There's sophisticated adversaries and … criminal organizations that look to exploit these resources,” Trampski said. “So not only is it the more sophisticated adversaries, but it's the ones that are looking for a quick exploit to make a few dollars. And unfortunately, that puts local governments in the crosshairs especially.”
Local governments had already been reaching out to cyberTAP for help and advice on cybersecurity, he said, so this partnership helps formalize those efforts.
Trampski said that rather than use this program to punish local governments for any deficiencies in their cybersecurity efforts, it will help state and local officials better “understand” the landscape and see the “big picture” of where investment is needed.
NEXT STORY: Enough with the weak passwords, already