top of page

MANAGEMENT UPDATE.

CYBERATTACKS: FIGHTING BACK

“Cyberattacks in the United States have surged in frequency and impact since the start of this decade, with the country facing several hundred on any given day,” according to a late April report from the Information Technology and Innovation Foundation (ITIF). “The proliferation of digital systems and interconnected infrastructure has widened the attack surface, while adversaries have become more organized and technologically advanced, increasing the sophistication of their methods.”


The report focuses on three significant challenges that contribute to the vulnerability to cyberthreats: the rising costs and frequency of attacks; the growing sophistication of threat actors, and the increasing complexity and interconnectedness of government IT systems.


“These trends,” according to ITIF, “compounded by chronic resource shortages, fragmented governance structures, and market and regulatory failures, make it increasingly difficult for state and local governments to defend themselves, let alone recover quickly from attacks.



What can states, cities and counties do? The report makes ten recommendations, which follow, accompanied by a summary from the report of the way they’d work:


  • “Among the most significant barriers to stronger cybersecurity at the state and local levels are the resource and capacity constraints. Congress should make the SLCGP (State and Local Cybersecurity Grant program)  permanent with consistent annual appropriations. . .   Permanent funding would enable jurisdictions to prioritize cost-effective security investments, such as secure-by-design products and vendor accountability measures, rather than repeatedly patching vulnerable systems, allowing governments to invest in architecture modernization and hire permanent cybersecurity staff without fearing that support might vanish mid-cycle.”


  • “Congress should expand the CyberCorps: Scholarship for Service (SFS) program to include a buy-in option for state and local government placements. The SFS program currently funds cybersecurity education in exchange for service in qualified government positions. The National Science Foundation should amend the program’s authorization to establish explicit buy-in pathways that would allow state and local agencies to directly sponsor and recruit SFS graduates. By enabling state and local government buy-ins, the program could channel more talent into areas with the most acute need rather than concentrating placements only at the federal level.”


  • Regional cybersecurity training hubs, developed in partnership with public universities and community colleges, can provide scalable training in simulated network environments wherein students practice detecting and responding to cyberattacks in safe, controlled settings, and technical certification pathways. These hubs reduce overhead for small jurisdictions by pooling resources while delivering consistent, high-quality instruction.”


  • At the federal level, multiple reforms could improve coordination and oversight. Creating dedicated state and local liaison offices would streamline access to federal resources . . . while helping agencies navigate assistance programs more effectively.”


  • At the state and local levels, governments should take complementary steps. Establishing state cybersecurity coordination centers would connect local agencies to existing federal Information Sharing and Analysis centers, ensuring that smaller jurisdictions receive actionable information. States should also conduct joint cyber exercises tailored to local contexts, involving hospitals, election offices, and utilities to ensure readiness across the public–private ecosystem. Most importantly, states should create cybersecurity coordination offices to facilitate threat intelligence sharing, harmonize incident response across agencies, and serve as the states’ primary liaisons to federal partners.” 


  • “To further strengthen interstate support during major cyber incidents, the National Governors Association should operationalize the Emergency Management Assistance Compact (EMAC)—a mutual aid framework that allows governors to request personnel and resources from other states during emergencies—for cybersecurity missions. This should include supporting the development of cyberspecific Mission Ready Packages and clarifying legal, administrative, and reimbursement pathways for deploying cyber personnel across state lines. These steps would allow states to rapidly surge qualified analysts, incident responders, and technical teams during largescale cyberattacks.”


  • “While state and local governments gain valuable insight into ransomware trends when victims report payments, allowing those payments to continue ultimately sustains the threat. A coordinated ban across jurisdictions would remove the profit motive that drives these attacks, making them less attractive and likely reducing their frequency over time. States such as North Carolina and Florida have already enacted ransom payment bans, and states pursuing similar legislation should pair prohibitions with dedicated cybersecurity enhancement funds to help smaller jurisdictions upgrade security systems and implement backup solutions before bans take effect.” 


  • At the federal level, policymakers should adopt complementary measures to close systemic gaps. First, federal agencies should establish minimum cybersecurity requirements for all technology products purchased with federal or federally supported funds, ensuring that insecure-by-design systems never enter government networks. Second, Congress should enact legislation on vendor accountability, mandating timely vulnerability disclosure and enforceable cybersecurity obligations in contracts.”


  • “State and local governments . . . should adopt cybersecurity procurement standards that evaluate vendors’ patch management practices, security certifications, and adherence to secure-by-design principles. Joint procurement agreements could strengthen bargaining power, reduce costs, and improve product quality, while vendor accountability frameworks, such as requiring cybersecurity insurance or guaranteed patch timelines, would shift responsibility away from vulnerable jurisdictions”


  • “States should also invest in public-sector–tailored tools. Many commercial cybersecurity products are built for large enterprises, making them expensive, overly complex, or incompatible with government legacy systems. By partnering with universities, nonprofits, and industry consortia, states could foster the development of affordable, user-friendly solutions designed for local governments. Regulatory alignment is equally important: States can harmonize their cybersecurity and data protection laws with federal frameworks and neighboring jurisdictions, reducing duplication and making compliance more achievable for small agencies.”


#FightingCyberAttacks #StateandLocalManagement #StateandLocalPerformance #StateLocalCybersecurityMangement #StateLocalCybersecurityPerformance #CityGovernmentManagement #CityCybersecurityManagement #CityCybersecurityPerformance #CountyGovernmentManagement #CountyCybersecurityPerformance #RegionalCybersecurityAssistance #IntergovernmentalCybersecurityAssistance #CyberHelpForSmallGovernments #StateandLocalTechnologyManagement #UserFriendlyCyberSecuritySolutions #CybersecurityAndStateLocalProcurement #StateCityCountyCyberPartnership #IntergovernmentalCybersecurityAssistance #CybersecurityHelpForSmallCities #StateLocalJointProcurementAgreements #ClosingPublicSectorCybersecuirtyGaps #RansomwarePaymentBans #StateCybersecurityCoordinationCenters #IntergovernmentalCyberCoordinationAndOversight #RegionalCybersecurityTrainingHubs #StateandLocaManagementNews #StateandLocalCybersecurityNews #BarrettandGreeneInc

MANAGEMENT UPDATE ARCHIVES.

A BIG NEW MEXICO INVESTMENT IN NEED OF DATA

Read More

CYBERATTACKS FIGHTING BACK

Read More

HOW TO JOIN THE K TO 12 EDUCATION RECOVERY

Read More

WHATS HAPPENING WITH CITY INFRASTRUCTURE

Read More

THE RURAL HEALTH CARE CRUNCH SOME SOLUTIONS

Read More

REDUCING VEHICLE MILES TRAVELED

Read More

A GIANT HOUSING ACTION PLAN FOR A GIANT CITY

Read More

THE CASE OF THE MISSING TAX DOLLARS

Read More

Barrett and Greene, Dedicated to State and Local Government, State and Local Government Management, State and Local Management, State and Local Performance Audit, State and Local Government Human Resources, State and Local Government Performance Measurement, State and Local Performance Management, State and Local Government Performance, State and Local Government Budgeting, State and Local Government Data, Governor Executive Orders, State Medicaid Management, State Local Policy Implementation, City Government Management, County Government Management, State Equity and DEI Policy and Management, City Equity and DEI Policy and Management, City Government Performance, State and Local Data Governance, and State Local Government Generative AI Policy and Management, inspirational women, sponsors, Privacy

 

Barrett and Greene, Dedicated to State and Local Government, State and Local Government Management, State and Local Managemen

SIGN UP FOR SPECIAL NEWS JUST FOR YOU.

Get exclusive subscriber-only links to news and articles and the latest information on this website sent directly in your inbox.

Thanks for Subscribing. You'll now recieve updates directly to your inbox.

Copyright @ Barrett and Greene, Inc.  |  All rights Reserved  |  Built By Boost  |  Privacy 212-684-5687  |  greenebarrett@gmail.com

bottom of page