A report Thursday from the National Association of State Chief Information Officers (NASCIO), Bridging Digital Divides: Expanding Cybersecurity in Underserved Communities, outlines best practices and case studies in this area.
State chief information security officers (CISOs) have certainly been well tied to serving the cybersecurity needs of their state agencies and departments. But they are also increasingly turning their attention to the cybersecurity needs of smaller government organizations, which tend to be more closely connected to their communities.
“The reality is that CISOs serve their state government agencies but have also been providing services to local governments for many years,” Meredith Ward, deputy executive director at NASCIO, said via email. “That has increased in the last few years as the concept of whole-of-state cybersecurity has gained more momentum and the passing of the State and Local Cybersecurity Grant Program.”
For example, New Hampshire offers grant-funded cybersecurity training to municipalities and residents by forming partnerships among agencies like the Department of Information Technology, the New Hampshire Public Risk Management Exchange and the state Department of Safety. These partnerships bring cybersecurity training to not only residents but also first responders, educators, school boards, public-sector IT employees, students, municipal leaders and elected officials.
In Idaho, a largely rural state where small towns often lack the ability to develop comprehensive cybersecurity programs, Operation Cyber Idaho works to increase cybersecurity literacy and competency by developing cybersecurity skills among local residents and public-sector workers. They can work “in state apprenticeships and internships to gain the necessary skills before returning to their community to work full time,” according to the NASCIO report.
“We aren’t suggesting that CISOs create whole new programs for the masses,” Ward said. “The idea is that inclusive cybersecurity is something they keep in mind when assisting state and local agencies.”
Underserved populations, which can include tribal communities, veterans, disabled residents, low-income families and others, often lack the resources and skills to effectively evade cybersecurity threats. A study, cited in the NASCIO report, examining low-income, non-English speaking residents in San Francisco found 26 percent had been a victim of a “cyber scam,” while 39 percent did not create strong online passwords, and 40 percent had had a device infected by a virus.
