Even as tech corporations, federal agencies and intergovernmental groups implore state and local governments to coordinate more closely on cybersecurity activities, building out those programs can be daunting, leaders of state and regional cyber initiatives said Wednesday at a conference in Washington.
“For under resourced organizations out there, there are wonderful tools, but we hear all the time these organizations need boots on the ground, trusted partners who are going to help them, not just access to specific programs,” Max Fathy, a program manager at the MassCyberCenter, a state-backed organization that promotes cyber-related training and workforce development across Massachusetts, said during a panel discussion.
Fathy and others spoke at the inaugural Cyber Civil Defense Summit, put on by the Center for Long-Term Cybersecurity, a think tank at the University of California, Berkeley. He and the other speakers said that they’ve been able to slowly expand their offerings to local governments, school districts, small businesses and other entities without much technological sophistication.
“So much of our capability we’re currently invested in is in larger population centers,” said Eric Franco, the cybersecurity preparedness coordinator at the Wisconsin Emergency Management. “We’re boosting efforts into rural municipalities and school districts where vulnerability is at a heightened level.”
Franco’s role includes coordinating the state’s Cyber Response Team, a 400-person army of IT professionals and members of the Wisconsin National Guard who help local public-sector entities respond to security incidents. The response team, which is about eight years old, is one of several state-led volunteer cybersecurity corps around the country meant provide additional hands during incident responses — Michigan and Ohio run similar programs, for instance.
But funding these statewide and regional efforts over the long-term isn’t always certain, said Mikyung Kim-Molina, the cybersecurity regional project manager at the Bay Area Urban Areas Security Initiative, an intergovernmental program — involving about 100 local governments in Northern California — that’s funded by a Department of Homeland Security grant program.
“I don’t want to say we started cybersecurity by accident,” Kim-Molina said. “But our UASI grant, the feds considered cybersecurity a priority area, so that’s how we ended up having these great projects we’re working on now.”
But funding and grant program priorities can change, she said. Still, Kim-Molina continued, one of the greatest powers of regional or statewide cyber programs is the ability to convene. The Bay Area UASI, she said, has been able to bring together chief information security officers across a swath of California stretching from the wine country north of San Francisco down to Monterey. Those officials, she said, are now able to coordinate on events and training, and schedule bigger activities like tabletop drills.
“I think before they knew each other’s names but never met,” she said. “Now we meet two times a month. “That’s really huge, and that’s what our projects have been able to do.”