Scaling Local Government Cybersecurity – Written by Marissa Da Silva on September 26th, 2019
With the increasing reliance upon information technology, cybersecurity is strategic imperative for communities across the United States. Unfortunately, many cities don’t have sufficient budgets or expertise when it comes to addressing the cybersecurity challenge. Jean-Pierre (J.P) Auffret, director, research partnerships, School of Business has partnered with Angelos Stavrou, Professor, Computer Science and Director, Center for Assurance Research and Engineering in the Volgenau School and Virginia and West Virginia state and local governments to collaborate on cybersecurity and foster regional local government cybersecurity partnerships and initiatives.
The background for the National Science Foundation project is that approximately 60% of the U.S. counties have less than 50,000 residents but “nearly all counties play a critical role in the transportation and infrastructure.” Counties own 46% of the U.S. road miles, 38% of the bridges and in addition are involved in the operation of 34% of public airports, 1,943 health departments, 3,041 police and sheriff’s departments, and utility services such as water and electricity. (National Association of Counties). Many cities and counties are increasingly adopting connected technology not just for administration but also for these critical infrastructure electric, water and transportation systems.
Building upon experiences in public health and public safety, cross-jurisdictional sharing of services is a growing strategy used at local levels to address technology related challenges such as tight budgets and limited expertise. The scalable nature of technology operations makes cybersecurity a good candidate for local government collaborations.
The project’s objective is to enhance U.S. local government cybersecurity by fostering and developing institutional capacity, policies and legislation to further local government cybersecurity partnering and governance; and to facilitate cybersecurity partnering among local governments.
The project kicked off with statewide workshops in Virginia and West Virginia with participants including state and local government administrators, IT and cybersecurity leaders. Virginia Secretary of Homeland Security and Public Safety Brian Moran gave an opening talk at the Virginia workshop and West Virginia Chief Technology Officer Josh Spence and Chief Information Security Officer Danielle Cox partnered on the West Virginia workshop. The statewide workshops identified potential areas for local government cybersecurity partnering including on cybersecurity governance, joint staffing, technology procurement and communications. In addition, the workshops, identified institutional barriers to partnering.
“Local governments are increasingly providing digital citizen services and own and operate critical infrastructure, including water and electricity,” says Auffret. “Cybersecurity partnerships amongst local governments can provide the means to scale and share capability and capacity and better address the cybersecurity threat”.
Project initiatives have also included hosting Virginia regional workshops in Northern Neck and Middle Peninsula; Loudoun County, Frederick County, Purcellville and Leesburg; and Roanoke County regions. Project partners in addition to NSF, the Commonwealth of Virginia and West Virginia governments, include the Department of Homeland Security; Virginia local governments of Arlington County, Essex County, Roanoke County, Loudoun County, Caroline County, Frederick County, Town of Purcellville and Town of Leesburg; and Palo Alto Networks.
Examples of local government cybersecurity collaborations resulting from the project include: adapting Arlington County cybersecurity policies for use by other local governments; developing a Cybersecurity Awareness Messages from the CISO pamphlet; contributing to development of a Commonwealth of Virginia local government cybersecurity points of contact list for the Virginia Fusion Center and developing a Readiness Assessment, Roadmap and Toolkit for local government cybersecurity partnering.
The project is going to further expand to Ohio and Pennsylvania in fall 2019.