“I think you’re going to see investments in cybersecurity go from 10, 20 percent of the IT budget to 30 or 40 percent,” said Mike Allison, head of government and cities for Nokia.
“Because once you have an attack, that’s when you start spending the money,” he added.
Large legacy systems, along with often slow procurement processes, can sometimes hobble public entities in the rapidly moving world of cybersecurity, say experts. And if technology officials don’t yet see themselves as security experts, they might need to start thinking differently. Cybersecurity is shifting so quickly that it’s best to just jump in and move quickly.
“What you knew yesterday isn’t necessarily valid today,” said Joel Scharlat, director of operations for Cyber Bytes Foundation.
Scharlat added that it doesn’t matter how skilled a person is in cybersecurity. No one can handle today’s threats alone.
“I think collaboration is key,” he said. “If you’re a locality, and you’re interested in making something ‘smart,’ understand what that means, understand what you have.”
Smaller and medium-sized counties and cities should consider forming regional alliances when taking on cybersecurity, said Mike Cannon, chief technology officer for Stafford County, Va. Alliances can help localities pool resources and expertise. Being small doesn’t make a jurisdiction less vulnerable or attractive to cyber criminals.
“I think we’re all recognizing the importance of collaborating and working together and sharing threat information,” Cannon told the panel. “Because it’s not a matter of whether you get attacked, it’s a matter of when you get attacked.”
Glen Gulyas, chief strategy officer at Onclave Networks, said the significant security threats faced by localities today represents “the most disruptive change” to government technology and culture in 30 years.
“This is not a growth process. It’s a grieving process,” he added. “Because we’re going to have to let go a lot of things that we’re used to trusting, and put our faith in new things.”