Internet Explorer 11 is not supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

3 Ways Governments Are Fighting Hackers

Agencies are broadening a few conventional tactics to prevent cyberattacks.

hackers1
(Shutterstock)
*Note: This was published in the magazine and online before news broke about the recent cyberattacks on election systems in Arizona and Illinois.

So far it’s been a quiet year for data breaches. No major state and local cyberattacks have yet been reported in 2016. Of course, that doesn’t mean attackers are taking a break. Evidence suggests they’re merely spending less time developing new approaches and instead refining some old but proven ways to hack, according to Verizon’s recent Data Breach Investigations Report.

The break in action is giving state and local governments some much-needed time to regroup, though. It’s true governments have always faced an uphill battle against cyberattacks. Shrinking budgets and a lack of specialized talent have been chronic problems. But recently agencies nationwide have begun to broaden their use of a few conventional tactics to mitigate the rising tide of attacks: teamwork, employee training and insurance. 

Teamwork. Fighting hackers from just about every corner of the globe is a gargantuan task, but doing it by yourself makes it even harder. That’s why a growing number of state governments are creating multiagency groups to tackle cybersecurity. In Arizona, the state has formed the Cyber Threat Response Alliance to analyze real and emerging dangers. The alliance, which includes the FBI, Homeland Security and academic institutions, hopes to better understand what kind of barriers might slow down coordinated responses to cyberattacks. 

Similarly, the New Jersey Cybersecurity and Communications Integration Cell is focused on information sharing around cyberthreats. With help from the feds, states and localities are able to access up-to-date information on data breaches, obtain risk assessments, get the latest tips and learn how to practice better cyberhygiene. Other states with multiagency programs include Georgia, New York and Washington.

Employee training. When it comes to security, government CIOs are haunted by the old cliché, “You are only as strong as the weakest link.” If you’ve ever happened to watch the cyberthriller series Mr. Robot, then you know that human error is one of the major sources of breaches and intrusions. To counter this problem in government, states and localities have developed what’s known as security awareness training. The idea is to make government employees more conscious of security overall and to reduce the kind of mistakes that can launch an intrusion, trigger an attack or inadvertently allow certain types of fraud.

The awareness training can range from rudimentary classes to sophisticated online programs that keep careful track of employee progress. While awareness training isn’t cheap, especially for a state government that may have tens or hundreds of thousands of employees, the payoff in better protection is invaluable, according to Michael Roling, Missouri’s chief information security officer. 

With 40,000 state employees taking regular courses on a monthly basis on everything from avoiding phishing attacks -- emails disguised to look like official business, but that can trigger an intrusion once opened -- to what constitutes a secure password, Roling says continuous training has resulted in fewer cybersecurity problems. “Awareness training is one of the most important components of our security posture,” he says.

Insurance. When all else fails, states and localities have the fallback option of purchasing cyberinsurance. Available for years in the private sector, the coverage is just beginning to catch on in state and local government. In 2014, hackers broke into the Montana Department of Public Health and Human Services’ server. Fortunately for Montana, the state had insurance, which helped it cover the cost of investigating the attack, notifying individuals impacted by the breach and recovering the theft of government funds. 

Not surprisingly, insurance isn’t cheap, costing as much as $20,000 for every $1 million in coverage. On the plus side, though, getting insurance has the added benefit of shoring up your defenses: After all, you wouldn’t be able to get it unless you were doing something right. 

Tod is the editor of Governing . Previously, he was the senior editor at Government Technology and the editor of Public CIO, e.Republic’s award-winning publication for IT executives in the public sector, and is the author of several books on information management.
Special Projects
Sponsored Stories
The 2021 Ideas Challenge recognizes innovative public policy that positively impacts local communities and the NewDEAL leaders who championed them.
Sponsored
Drug coverage affordability really does exist in the individual Medicare marketplace!
Sponsored
Understand the differences between group Medicare and individual Medicare plans and which plans are best for retirees.
Sponsored
For a while, concerns about credit card fees and legacy processing infrastructure might have slowed government’s embrace of digital payment options.
Sponsored
How expanded financial assistance, a streamlined application process and creative legislation can help Black and brown-owned businesses revive communities hit hardest by the pandemic.
Sponsored
In recent years, local governments have been forced to adapt to a wildly changing world, especially as it pertains to sending bills and collecting payments.
Sponsored
Workplace safety is in the spotlight as government leaders adapt to a prolonged pandemic.
Sponsored
While government employees, students and the general public had to wait in line for hours in the beginning of the pandemic, at-home test kits make it easy to diagnose for the novel coronavirus in less than 30 minutes.
Sponsored
Governments around the nation are working to design the best vaccine policies that keep both their employees and their residents safe. Although the latest data shows a variety of polarizing perspectives, there are clear emerging best practices that leading governments are following to put trust first: creating policies that are flexible and provide a range of options, and being in tune with the needs and sentiments of their employees so that they are able to be dynamic and accommodate the rapidly changing situation.