Internet Explorer 11 is not supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Mark Weatherford

Cybersecurity Columnist

Mark Weatherford, chief strategy officer for the National Cybersecurity Center, is the cybersecurity columnist for Governing and a senior fellow at the Center for Digital Government, both of which are divisions of e.Republic. Among his previous appointments, he served as the U.S. Department of Homeland Security's deputy undersecretary for cybersecurity and, before that, as the chief information security officer for the state of California. In the private sector, Weatherford served in senior roles at the North American Electric Reliability Corp., vArmour, Booking Holdings and Aspen Chartered, in addition to advisory roles with a number of technology startups.

With $1 billion on the way from the new infrastructure law, state cybersecurity planning committees will need to be creative to fairly and uniformly distribute funds across diverse government landscapes.
Too many government organizations cling to legacy ideas about owning and managing their technology. A centralized, enterprise IT environment provides better cybersecurity while creating vast efficiencies.
Governments will be in healthier posture in December 2022 if they seriously address the cybersecurity staffing gap, keep an eye on their security supply chains and begin moving to a zero-trust framework.
Government organizations need a road map that sets the stage for the future, accounts for leadership changes, includes input from all players and gets a regular review and refresh.
As attacks on state and local organizations become the rule and not the exception, leaders need to reprioritize their defenses. And they may need to confront a difficult question: Should we pay up?
With staffs stressed by the pandemic and threats growing, managed security service providers can bring up-to-date expertise to bear while helping governments hold down costs.
The White House is making it clear: Protecting our critical systems from cyber attacks must involve every level of government as well as the private sector.
A new training program is an opportunity for lawmakers and their staffs to get up to speed so that the policies they craft address the issue in ways that don’t harm the economy.
It’s a bold attempt to transform cybersecurity. State and local government organizations, along with their vendors, will benefit from strengthened federal requirements.
By building on a decade-old federal effort, the just-launched StateRAMP promises to standardize and simplify procurement of cloud services that have already undergone rigorous security testing.