The objective of this NSF-funded project (NSF Award #1623653) is to develop and provide focused and context specific cybersecurity leadership education and training for city and county governments.
The project will develop local government cybersecurity modules to augment existing cybersecurity degree curriculums as well as develop standalone local government cybersecurity education modules. As part of these efforts, the project will develop a cybersecurity toolkit, readiness assessment and roadmap for local governments to better undertake cross jurisdiction collaboration amongst cities, counties and states in cybersecurity leadership, capabilities, technologies, resources and vendor contracts. The project will scale by partnering with cities, counties and universities in a national local government cybersecurity learning community for regional workshops and ongoing training and cybersecurity cross jurisdiction sharing development. Expand to read more about project summary.
The project’s rationale is that local governments often have limited funding and cybersecurity expertise but have major roles in providing citizen services and operating critical infrastructure. Approximately 60% of the U.S. counties have less than 50,000 residents but “nearly all counties play a role in the nation’s critical infrastructure” (Council of State Governments, 2015). Counties own 45% of the U.S. road miles, 40% of the bridges and are involved in the operation of 30% of public airports, 1,550 health departments, 3,105 police and sheriff’s departments, and utilities such as water and electricity (National Association of Counties, 2015). Cities and counties are critical to the nation’s resilience and emergency response.
Building upon experiences in public health, public safety and IT, cross jurisdictional sharing of services is a growing strategy used at local levels to address challenges such as tight budgets and limited expertise. The scalable nature of technology operations makes cybersecurity a good candidate for municipal collaborations. Our initiative develops the curricula and provides the expertise, toolkit, roadmap and training for local governments to strengthen their cybersecurity programs overall and share each other’s cybersecurity capabilities and resources to achieve stronger cybersecurity status.
This project builds upon our research projects, cybersecurity education programs and industry engagement including interviews of local government CISOs and CIOs for the NSF project “Bridging the Cybersecurity Leadership Gap: Assessment, Competencies and Capacity Building” with the objective of developing CISO core competencies and corresponding learning objectives. The project also builds upon Mason’s designation as a DHS Center of Academic Excellence in Information Assurance Education and in Information Assurance Research, and founding partner of the U.S. Government’s CIO University.
This effort will be the first in the nation to explore local government focused cybersecurity education, and the first to highlight cross jurisdictional capacity sharing in cybersecurity for local governments. Specifically, the following questions will be explored and evaluated and products developed:
- How can cybersecurity for local governments especially those with limited budgets and cybersecurity expertise most effectively be addressed?What are the most effective strategies, models and approaches for cybersecurity cross jurisdictional sharing for local governments?
- Local government cybersecurity curriculum and learning modules
- Cybersecurity toolkits for local governments and local government cross-jurisdictional cybersecurity capacity sharing roadmap and readiness assessment.
We will make all research findings, including toolkits, roadmaps and curriculums available to local governments and universities and promote the results and adoption through regional workshops and annual conferences. The materials will be utilized in online courses and webinars and George Mason will host a national clearinghouse of resources for local cybersecurity and cross-jurisdictional cybersecurity capacity sharing. In addition, the project will raise awareness of cybersecurity and promote cybersecurity training to rural cities and counties that comprise the U.S.’ largest proportion of local governments.
1. Cybersecurity Policy Sharing – VA Portal:
One area of cybersecurity partnership that could potentially benefit a large number of local governments, and is relatively quick to implement is sharing cybersecurity policies and regulations, that are transferrable from government to government. Adequate and mature policies and regulations are an important component of cybersecurity governance. Many local governments acknowledge the need for more mature and up-to-date cybersecurity policies and regulations, but cite the lack the resources and experience hinders progress.
Mason-NSF City/County Cybersecurity Partnership Project team collected policy and regulatory recommendations from local cybersecurity experts in Virginia (special credits and thanks are given to Arlington County CISO, David Jordan, for his contribution and guidance) and compiled the following set of policy templates, which is available for reference to all VA governments. Local governments interested to share their specific cybersecurity policies and regulations on this platform can contact Prof. J.P. Auffret at email@example.com.
(Disclaimer: Efforts were made to keep these policy templates generic, or non-specific, in order to benefit a broader range of authorities. When using these policy templates as references, local governments are advised to apply changes that reflect the unique situations of their own localities and appropriate legal reviews.)
2. Cybersecurity Advice from a Local CISO
Also a contribution from Dave Jordan, the following pamphlet exemplifies the dynamic messages written and collated by Dave, with which a CISO could communicate with and inspire government employees and constituents.
View and Download Personal Cybersecurity Advice from a Local CISO