Cyber attackers turning toward states
As the federal government improves its cyber defenses, nefarious actors are turning their attention toward state and local governments, said Center for Internet Security CEO William Pelgin.
In an interview with StateScoop, Pelgrin said that state and local governments have answered the challenge with their own cyber defenses, although it remains a constant struggle to stay ahead of the changing threat landscape.
“We all face similar challenges,” Pelgrin said. “States approach the challenges individually, but there is also a sense of community around the issue that brings state leaders together to find solutions and share best practices.”
One of the key resources for the cyber security community has been the Multi-State Information Sharing and Analysis Center, which is a division of the Center for Internet Security. MS-ISAC brings together state security leaders from throughout the country to share information on the changing cyber landscape.
The MS-ISAC operates a 24/7 cyber security operations center and provides the nation’s state, local, territorial and tribal governments with cyber threat analysis, early warning notifications and incident response. They work closely with the U.S. Department of Homeland Security and other partners in gathering and sharing information. An important part of the collaboration is a monthly webcast meeting that includes MS-ISAC members from all 50 states and many of the country’s local, territorial and tribal governments.
Pelgrin, himself, has a long history in state governments. He served as the director of New York’s State Office for Technology from 1997 to 2002 and then as the state’s Office of Cyber Security and Critical Infrastructure Coordination within the Office of Homeland Security from 2002 to 2010.
“What we do as an organization is serve as a conduit for the SLTTs to share information,” Pelgrin said. “We try to provide extra value by giving them perspective outside their own environment, because the collective view is much more powerful than the singular view. The members have a phenomenal amount of expertise and passion and they are so willing to share this with other members. Nothing says we all have to tackle this problem alone.”
Pelgrin added that perhaps the biggest challenge facing states – one that’s also heard on the federal level and the private sector – is the need to find talented cyber employees. He said the days of having one focal security person are in the past and it now takes a collaborative effort. “You need every employee to be cyber aware and to make sure your organization has a wide-range of skill sets available to it,” Pelgrin said. “Having expertise in one area today does not mean that’s where an attack will come tomorrow.”
Pelgrin said states have done a tremendous job on the education and awareness side of cybersecurity. Challenges still come on the technical side as the tactics and technology continue to evolve and qualified cyber personnel become harder to find.
Another key collaborative effort by CIS is bringing together government entities to leverage the buying power of government, facilitating partnerships with solution providers that enable state and local governments to procure cybersecurity services at a lower price than they could if they were purchasing individually.