Internet Explorer 11 is not supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

State, Local Officials Testify Cybersecurity Needs Funding

State, local and county governments officials testified that they need continually renewed, flexible funding to fend off increasing cyber threats during a U.S. Senate hearing earlier this month.

sen Hassan.png
Sen. Maggie Hassan, D-New Hampshire, convened a July 17 hearing on "Addressing Emerging Cybersecurity Threats to State and Local Government."
Screenshot
Budget strains leave cyber defense goals identified but unadopted at state, local and county levels, where successful attacks could down 911 call centers, halt school classes and disrupt water systems and waste treatment, speakers said during a Senate hearing earlier this month.

Lawmakers convening the Homeland Security and Governmental Affairs Subcommittee on Emerging Threats and Spending Oversight hearing sought to determine how the federal government could use policy changes and new grants to better fund these needs, while controlling its own expenditures.

Jurisdictions are too often priced out of enacting attack prevention and incident response measures. After Superintendent Russell Holden’s Sunapee, N.H., school district fell to a ransomware attack in 2019, a security audit identified important fixes — but with daunting costs.

“Going through that audit process, we quickly realized that we were completely understaffed [in IT,]” Holden said. “But to hire a new person would add at least 1 percent to our overall budget.”

Lower-level government often struggles with the expense of hiring IT personnel, vetting software, upgrading systems and a variety of other preventative and response methods, attested several government leaders during the hearing. Those expenses are no small matter but the societal costs of not investing and falling to attack may be greater still.

CONTINUAL SUPPORT


The federal government has recently shown willingness to open up its purse, with the efforts like the American Rescue Plan funding various cybersecurity needs and Homeland Security Secretary Alejandro Mayorkas instructing state and local recipients of Urban Areas Security Initiative (UASI) and State Homeland Security Program (SHSP) security defense grants to direct greater portions of their awards toward cybersecurity.

Yet testifying government officials said many efforts still fall short. Karen Huey, assistant director of the Ohio Department of Public Safety, and Mayor Stephen Schewel of Durham, N.C., said state and local governments need designated cybersecurity funding that does not subtract from investments in other public security priorities, which are still very much needed.

Schewel also underscored the need for regularly recurring funding to support defensive needs that are not one-and-done, such as continual network monitoring, regular software upgrading and frequent staff training.

“Cybersecurity measures are an ongoing expense,” Schewel said even if “a one-time grant will help get some efforts off the ground.”

FLEXIBLE FUNDS


Federal agencies may need to consider whether some policies are preventing funds from being used impactfully.

Dan Lips, vice president of national security and government oversight at technology and public policy focused nonprofit the Lincoln Network, said during the hearing that 50 percent of USAI and SHSP funds disbursed from 2015 to 2020 have not yet been spent. He said it was not clear why.

While not speaking in response to Lips, Tarrant County, Texas, Judge Glen Whitley said that restrictions on exactly how funding sources can be spent can block jurisdictions from putting money where it’s most needed to meet their specific needs, and he called for flexible funding.

Holden similarly expressed interest in widening how monies can be used and proposed examining whether some restrictions on Title IV education funding could be loosened to allow for tapping it to boost school systems’ cyber protections.

In other cases, strict requirements can keep those in need from qualifying for financial support: Policies that require localities to pitch in with matching contributions often hamstring initiatives by locking out smaller municipalities without the resources to make those matches, Schewel said.

COST-SAVINGS?


Senators did not contest the need to better support cybersecurity – but Sen. Rand Paul, R-Kentucky, questioned whether it was necessary for the federal government to budget more money or if other strategies could be helpful.

“The Washington solution seems to be throwing money at every problem,” Paul said.

Lips also expressed concerns around federal spending and pointed to recent Government Accountability Office (GAO) reports that have found public debt increasing faster than economic growth – something that could ultimately cause a drop in the value of the U.S. dollar.

(The GAO report proposed several steps for addressing the issue, including that the government reap more revenue by working to ensure it genuinely receives all taxes due to it and trim some unnecessary costs by better avoiding making accidental overpayments.)

Not all support needs to be directly financial, however, and some policy changes could help reduce demands on state, local and county budgets, Lips said.

For example, jurisdictions can struggle to sort through different federal agencies’ cybersecurity regulations, especially when some departments’ rules seem to conflict. Bringing different agencies’ rules into greater alignment could simplify this work and reduce the amount of staff time spent on compliance, Lips said.

He also suggested the federal government strive to offer partners more simplified security recommendations that are easy to digest and act on. Smaller entities may struggle to work with the National Institute of Standards and Technology (NIST)’s robust, but extensive and “high-level” slate of suggestions.



Government Technology is a sister site to Governing. Both are divisions of e.Republic.
Jule Pattison-Gordon is a staff writer for Government Technology. She previously wrote for PYMNTS and The Bay State Banner, and holds a B.A. in creative writing from Carnegie Mellon. She’s based outside Boston.


Special Projects
Sponsored Stories
Sponsored
In recent years, local governments have been forced to adapt to a wildly changing world, especially as it pertains to sending bills and collecting payments.
Sponsored
Workplace safety is in the spotlight as government leaders adapt to a prolonged pandemic.
Sponsored
While government employees, students and the general public had to wait in line for hours in the beginning of the pandemic, at-home test kits make it easy to diagnose for the novel coronavirus in less than 30 minutes.
Sponsored
Governments around the nation are working to design the best vaccine policies that keep both their employees and their residents safe. Although the latest data shows a variety of polarizing perspectives, there are clear emerging best practices that leading governments are following to put trust first: creating policies that are flexible and provide a range of options, and being in tune with the needs and sentiments of their employees so that they are able to be dynamic and accommodate the rapidly changing situation.
Sponsored
Service delivery and the individual experience within health and human services (HHS) is often very siloed and fragmented.
Sponsored
In this episode, Marianne Steger explains why health care for Pre-Medicare retirees and active employees just got easier.
Sponsored
Government organizations around the world are experiencing the consequences of plagiarism firsthand. A simple mistake can lead to loss of reputation, loss of trust and even lawsuits. It’s important to avoid plagiarism at all costs, and government organizations are held to a particularly high standard. Fortunately, technological solutions such as iThenticate allow government organizations to avoid instances of text plagiarism in an efficient manner.
Sponsored
Creating meaningful citizen experiences in a post-COVID world requires embracing digital initiatives like secure and ethical data sharing, artificial intelligence and more.
Sponsored
GHD identified four themes critical for municipalities to address to reach net-zero by 2050. Will you be ready?