Internet Explorer 11 is not supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Here's How to Improve State, Fed Cybersecurity Collaboration

During the second week of the federal Annual National Cybersecurity Summit, experts shared their thoughts on the roles of states and federal agencies when it comes to dealing with cyber attacks within state borders.

Illinois Emergency Management Agency Acting Director Alicia Tate-Nadeau speaks during CISA's National Cybersecurity Summit.
Something must change with federal information sharing and state and federal roles if states are to be most effective at responding to cyber criminals, according to expert commentary during the second week of the Cybersecurity and Infrastructure Security Agency’s (CISA) Annual National Cybersecurity Summit.

National Cyber Director Chris Inglis kicked off Wednesday's summit program by touting the Joint Cyber Defense Collaborative (JCDC). The entity, he said, would facilitate information sharing across sectors — creating a more complete picture of attackers’ efforts — and pool efforts to present a stronger front against malicious actors. The JCDC’s initial launch earlier this year focused on bringing together federal units and private-sector cybersecurity and tech firms, with plans also calling for consulting with state and local governments and other entities.

Alissa Starzak, global head of public policy at Cloudflare, said during a virtual panel that she expects JCDC participation to provide insights to help her firm shift to more proactive efforts against cyber attacks. The project would also create an ongoing relationship between government and companies, a switch from current practices that often only sees firms connect with agencies when an incident occurs, she said.

State officials have their own wish lists for federal agencies’ information-sharing approaches.

Illinois Emergency Management Agency Acting Director Alicia Tate-Nadeau, who spoke during a separate virtual panel, said federal threat sharing at present is often too vague to allow states to take meaningful action, leaving them dependent on federal partners to tackle problems.

“If you don't want states to be solely reliant upon the federal piece, then we need more fidelity in things that come out [regarding incidents] within our geographic boundaries,” Tate-Nadeau said.

Broad-strokes explanations may be sufficient to describe incidents happening in other states, but fine-grained details are a must to empower state agencies to handle incidents on their own turf, she said.

Supporting Localites

Illinois has examined not only how it receives information but also how it, in turn, disseminates it. Tate-Nadeau said fusion centers play a key role in helping the state receive reports from individual counties and send out warnings to remaining counties as well as alerts to federal partners. Quick communication is essential.

“It's never going to be one county or one location that gets hit,” she said. “More than likely, it's just a beginning or an indicator to possibly something larger.”

When it comes to supporting counties, Illinois has found its cyber navigators program to be particularly helpful. The state launched the effort in response to election cybersecurity threats in 2016. Under this initiative, the state sends experts to different counties to help officials with cybersecurity challenges related to elections or other areas, Tate-Nadeau said.

Defining Authorities

Tate-Nadeau also homed in on the need to equip agencies with the powers and roles — not just information — to respond effectively.

For Illinois, part of that means striving to ensure it can react to cyber emergencies with the same tools it brings to bear against other disasters. In August, the state expanded its Illinois Emergency Management Agency Act so that the legislation includes cyber incidents among the disasters covered.

But when it comes to state and federal collaboration, Tate-Nadeau said some murkiness remains about roles.

Some existing legislation is limited: The Federal Emergency Management Agency (FEMA)’s Stafford Act outlines how the federal government can send disaster assistance to states, tribes and localities, but it doesn't recognize cyber events, Tate-Nadeau said.

She also questioned whether all parties have the authorizations needed to take appropriate actions.

“Do we have the right authorities?” Tate-Nadeau asked. “And are they in the right areas? Then [we should be] trying to scope or understand what those gaps are between when the federal government gets involved in the response or recovery effort and when the state has.”

Helping states dial up their efforts to fill any gaps that are discovered will take more funding — something that Congress' pending infrastructure bill would help address, she added.

“If you give us the dollars and the guidance, then we will work on coming up with the solutions,” Tate-Nadeau said.

Government Technology is a sister site to Governing. Both are divisions of e.Republic.
Jule Pattison-Gordon is a staff writer for Government Technology. She previously wrote for PYMNTS and The Bay State Banner, and holds a B.A. in creative writing from Carnegie Mellon. She’s based outside Boston.

Special Projects
Sponsored Stories
The 2021 Ideas Challenge recognizes innovative public policy that positively impacts local communities and the NewDEAL leaders who championed them.
Drug coverage affordability really does exist in the individual Medicare marketplace!
Understand the differences between group Medicare and individual Medicare plans and which plans are best for retirees.
For a while, concerns about credit card fees and legacy processing infrastructure might have slowed government’s embrace of digital payment options.
How expanded financial assistance, a streamlined application process and creative legislation can help Black and brown-owned businesses revive communities hit hardest by the pandemic.
In recent years, local governments have been forced to adapt to a wildly changing world, especially as it pertains to sending bills and collecting payments.
Workplace safety is in the spotlight as government leaders adapt to a prolonged pandemic.
While government employees, students and the general public had to wait in line for hours in the beginning of the pandemic, at-home test kits make it easy to diagnose for the novel coronavirus in less than 30 minutes.
Governments around the nation are working to design the best vaccine policies that keep both their employees and their residents safe. Although the latest data shows a variety of polarizing perspectives, there are clear emerging best practices that leading governments are following to put trust first: creating policies that are flexible and provide a range of options, and being in tune with the needs and sentiments of their employees so that they are able to be dynamic and accommodate the rapidly changing situation.