On cybersecurity, cities have ‘a lot to learn from each other’
City cybersecurity leaders need to work much more closely together if they’re going to counter the growing threats against government and infrastructure, according to San Francisco Chief Information Security Officer Michael Makstman.
Speaking during a Scoop News Group Live event this week, Makstman said there need to be “fundamental capabilities in regional thinking,” especially when it comes with making use of upcoming federal funding for state and local cybersecurity.
San Francisco CISO Michael Makstman
“We really have a lot to learn from each other,” Makstman said. “Cybersecurity as a discipline in government is still very new. There are a lot of organizations that still don’t have a CISO. We also have a lot to talk to with our elected officials who often don’t know the kinds of conversations to have with their cybersecurity chiefs.”
Makstman has tried to lead that intercity collaboration. Last year, he and his counterpart in Boston, Greg McCarthy, founded the Coalition of City CISOs, which has since attracted the participation of cybersecurity chiefs from other big U.S. metropolitan areas. One of the new group’s abilities, Makstman said, has been to help CISOs make their cases for cybersecurity by showing city executives what other municipalities are doing.
“We need to present from the perspective of what everyone else is doing,” he said. “Having that wider perspective makes the difference. If we say ‘three out of five large cities are doing this,’ it helps us.”
One such example came in summer 2020 during the height of the racial-justice protests after a Minneapolis police officer murdered George Floyd, Makstman said. As cities were bracing for widespread demonstrations and unrest, CISOs in the coalition held regular calls about how to ensure critical IT systems remained protected and operational, he said.
“There’s no substitute for that,” he said of the regular calls.
While the Coalition of City CISOs is only a year old, Makstman said it is starting to look beyond the United States for input and additional best practices. So far, he said, he’s spoken with cybersecurity officials from cities in Canada, Europe and Asia.
“We’re all dealing with a cybersecurity pandemic,” he said. “We can’t solve cybersecurity problems one at a time. A collective approach is absolutely necessary, and we need to build strong networks at the local level. The local level is where you live.”
