Regardless of what side of the political aisle anyone favors it’s apparent there’s a lot more concern about cyberespionage these days, especially as it might apply to tampering with elections or infiltrating critical infrastructure.
The trouble is that government agencies at any level are not especially well equipped for the task. A report issued this week by the General Accounting Office (GAO), which investigates Federal agencies on behalf of the U.S. Congress, finds that out of 3,000 cybersecurity recommendations made since 2010, there are 1,000 of recommendations that have yet to be addressed.
Specifically, the GAO report says there are four major cybersecurity challenges and 10 critical actions that the federal government and other entities need to take. The four major challenges are listed as establishing a comprehensive cybersecurity strategy and perform effective oversight; secure Federal systems and information; protect cyber critical infrastructure; and protect privacy and critical data.
Most communities rely on volunteer firefighters and emergency services personnel in some of their most critical times of need. The same approach should also be applied to cybersecurity. In fact, cybersecurity vendors as part of any effort to give back to the local communities might want to consider helping to fund such efforts.
- Develop and execute a more comprehensive Federal strategy for national cybersecurity and global cyberspace
- Mitigate global supply chain risks
- Address cybersecurity workforce management challenges
- Ensure the cybersecurity of emerging technologies involving, for example, artificial intelligence and the Internet of Things (IoT)
- Improve implementation of government-wide cybersecurity initiatives
- Address weaknesses in Federal agency information security programs
- Enhance Federal response to cyber incidents
- Strengthen Federal role in protecting cybersecurity of critical infrastructure
- Improve Federal efforts to protect privacy and sensitive data
- Appropriately limit the collection and use of personal information and make sure that data is obtained with consent
Much of that advice is applicable obviously to local governments as well. At a time when concerns are being raised about cyberattacks aimed at the electric grid in the U.S. and the security of voting systems, it’s clear agencies at all levels of government need access to a lot more cybersecurity expertise. In fact, cybersecurity professionals might want to consider volunteering some of their time to help secure IT infrastructure in their local communities starting with, for example, the voting machines being used to elect officials this November.
Of course, most cybersecurity professionals are already hard-pressed for free time. But it’s also apparent that most government agencies don’t have much access to critical cybersecurity expertise. The Trump administration is trying to address cybersecurity issues. But if Federal agencies don’t have the resources to solve the problem chances are local governments are even worse off.
Local communities routinely organize volunteers to provide essential services. Most communities, for example, rely on volunteer firefighters and emergency services personnel in some of their most critical times of need. The same approach should also be applied to cybersecurity. In fact, cybersecurity vendors as part of any effort to give back to the local communities might want to consider helping to fund such efforts.
It may be difficult to get local officials to appreciate the severity of the cybersecurity challenge they face. But with each passing day, there’s plenty of news to suggest that a cybersecurity event that is going to adversely impact the standing of local officials in the polls is now more a matter of when than if.
Mike Vizard has covered IT for more than 25 years and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb, and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.