“We do have a role, I think, in sharing information with the public about keeping themselves protected … but our greatest risk still remains those who click when they shouldn’t,” Dedmon said.
In “Should State Governments Ban Ransomware Payments?”, we examine a policy tactic popping up in certain parts of the country to battle back against ransomware attacks: all-out bans on paying ransom to attackers who take government data and systems hostage to reap financial gain. As unsavory an idea as cutting a check to cyber extortionists may be, there are several factors to consider. Chief among them is the reality that responding agencies are focused on the quickest route to restoring services for their residents.
We asked CIOs at the National Association of State Chief Information Officers Midyear Conference in May what it will take to turn the tide against the ransomware scourge. They emphasized the importance of basics like solid cyber practices, malware protection, data loss prevention tools and data backups. Good governance around data collection and retention was another common refrain.
But technology leaders also agree that organizations need to be prepared to respond to cyber threats like ransomware. As we so often hear, it’s not a matter of if an attack will happen, it’s when.
“You have to have that mindset that the breach is going to happen. How are we going to respond and be resilient when it does?” said Colorado CIO Dave Edinger. “Not just ‘How are we going to prevent this from ever happening?’ because that kind of mindset doesn’t get you into a place where you’re prepared to deal with things.”
Our cover story in this issue, “What Do Cities and Counties Get from Whole-of-State Cyber?”, digs into another critical component of cybersecurity efforts in the public sector: collaboration. Federal funds from the State and Local Cybersecurity Grant Program are helping foster new partnerships between states and smaller entities looking to build more cyber-secure organizations.
We wanted to get a sense of what that additional support looks like from the point of view of small communities that may have neither the expertise on the threat landscape nor the budget to put the proper protections in place.
Massachusetts CIO Jason Snyder pointed to municipalities as being on the front lines of the state’s strategy to keep ransomware at bay.
“We are actively working to provide state government assistance for municipalities to really arm them, provide them the software that they need, the training that they need, and also provide them our SOC, our security operations center, so in the event of a cyber incident, they have somebody to call,” he said.
“Whole of state” in Texas covers a lot more area: nearly 270,000 square miles. The state is standing up regional security operations centers at universities statewide that pull in the local governments and help mature cyber practices across the board, not to mention serve as a training ground for students in cyber.
“At the end of the day,” said Texas CIO Amanda Crawford, “I think the challenge is continuing to break down silos between K-12, local government, state agencies, the federal government so that we can really respond with not just a whole-of-state approach but a whole-of-country approach.”
This story originally appeared in the September/October 2024 issue of Government Technology magazine.