Governance

Cybersecurity Primer Addresses Challenges For US Officials

Researchers have released a for US government officials, stressing upon funding, hiring, and communication to work efficiently.

by Vishwa Pandagle March 15, 2024 in Firewall Daily, Governance Reading Time: 4 mins read 0

612 SHARES 3.4k VIEWS Share on LinkedInShare on Twitter

Researchers have published a cybersecurity primer specifically for managers and elected officials in the American local government.

Designed specifically for government officials, this cybersecurity primer aims to simplify essential topics of online security. The primer aims to enhance understanding and clarity, catering to the needs of the nation's 38,000-plus local government units.

The cybersecurity primer for local government officials

The pdf document incorporates research by Donald F. Norris and Laura K. Mateczun, encompassing over five overarching subjects. These topics encompass inquiries tailored for IT and cybersecurity personnel, providing valuable guidance.

Donald is the professor Emeritus of Public Policy at the University of Maryland and Laura is a research assistant at the Maryland Institute for Policy Analysis and Research.

The key concerns detailed in the primer for cybersecurity were:
  1. Targeting of local governments
  2. Success of cyber attacks on local governments
  3. Vulnerabilities found in the local government systems
  4. The need for funding for cybersecurity in the local government
  5. The need for recruiting cybersecurity staff

The cybersecurity primer for government officials brought forth a compelling question, “If they do not understand cybersecurity, how will they be able to know if it is being practiced properly and effectively?”

To answer this, the cybersecurity primer offered suggestions such as advocating for a dedicated cybersecurity budget rather than including it within a general IT budget.

It also emphasized the importance of regular deliberations concerning the risk environment. Furthermore, the primer underscored the value of internal training to bolster cyber awareness.

Cybersecurity training is an integral part of effective application, not just for government officials alone but also for third-party vendors and contractors who are part of the team.

Another essential factor noted in the primer for American government officials was to practice responding to a threat or/ and cyber attack. It would help to think right and act swiftly in times of crisis to curb further damage if response activities are practiced and well-understood by the team.

Response activities are a set of actions involving both automatic controls and communication among the staff. The flow and steps to be followed must be the cornerstone of the response plan in any government office.

Working together to counter security threats from disruptive groups

The cybersecurity of the US government involves a collective approach, with various entities collaborating. This includes legal agencies, the National Institute of Standards and Technology (NIST), federal agencies, and the Multi-State Information Sharing and Analysis Center (MS-ISAC), all working in coordination.

A roadblock noted in the cybersecurity primer for US government officials was the lack of an adequate support system observed between the Chief Information Security Officers (CISO), IT directors in the local governments, and the top local government officials.

This lack of coordination and understanding of the critical nature of cyber security has been a prime reason for a slow response in the face of cyber threats.

The research noted the importance of effective leadership in curbing cyber risks and maintaining an active team to defend critical systems.

The sector is in need of not just one, however, many champions who drive the present workforce to create a wall as strong as possible until more help is found in terms of funding and recruitment.

Addressing the role and involvement of the CISO the research stated, “To the maximum extent possible, centralize all aspects of cybersecurity under a single, qualified Chief Information Security Officer (CISO) or other appropriate senior official.”

The cybersecurity primer concluded on a statement that read, “It is not whether you will be breached but when.” To this, they added – “and how many times?”

If threats can be exploited using any vulnerability in software, hardware, third-party access, and human error, then it becomes a part of the entire team to collaborate and adapt to best practices and believe that together a lot more could be done.

Source

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button