Raising low cybersecurity awareness in local government a matter of culture, training

DC CyberWeek panel urges local government leaders to build a culture of cybersecurity awareness to guard against threats.

Although security is a top priority for government IT leaders, it has yet to reach a shared level of importance among others in local government, according to cybersecurity experts speaking on a DC CyberWeek panel.

Panelists discussed security strategies to protect local government systems, as well as the need for user buy-in to cybersecurity protocol and contingency plans. The discussion was one of the first events Monday to kick off the weeklong cybersecurity festival, which is presented by CyberScoop.

Cybersecurity has been the No. 1 priority for state chief information officers for the past five years, according to panelist Yejin Jang, director of government affairs for the National Association of State Chief Information Officers. However, less than 35 percent of average end users in local governments were either moderately aware or exceptionally aware of cybersecurity issues, according to the International City/County Management Association’s 2016 cybersecurity survey.

The discussion emphasized employee awareness and training as a cybersecurity priority for local government. According to panelist Jane Reeve, director of information services for Spotsylvania County, Virginia, cybersecurity training is an important focus for local government resources, and employee awareness is crucial.


“Security has to come first,” Reeve said.

Panelist Luis A. Campudoni, director of information technology and facilities management for the Metropolitan Washington Council of Governments, also stressed the importance for employees to have a strong knowledge of security protocol so that deviations can be noticed and reported. Cybersecurity training, he said, is able to cultivate awareness and remind employees what is at risk if security measures are not adhered to.

Several local governments have seen success with training by establishing a “carrot and stick,” incentive program to enforce the testing and teaching of cybersecurity skills, said Jang. In one instance, employees have been rewarded with parking spots if they report and don’t fall for test phishing emails. Rewarding employees for good security habits creates a stronger feeling of responsibility for maintaining cybersecurity, according to Jang.

Dale Worley, the CIO of Greenbelt, Maryland, said that training alone is not enough to make an organization cyber secure. To test and strengthen security skills, users need “constant, constant reminding.”

To strengthen cybersecurity in local government, Chris Walschin, vice president of systems security for Election Systems & Software, recommended that a change in mindset begins with frequent practice. Walschin recommended that local government employees prepare for proper cyber-hygiene at work by practicing at home.

Betsy Foresman

Written by Betsy Foresman

Betsy Foresman was an education reporter for EdScoop from 2018 through early 2021, where she wrote about the virtues and challenges of innovative technology solutions used in higher education and K-12 spaces. Foresman also covered local government IT for StateScoop, on occasion. Foresman graduated from Texas Christian University in 2018 — go Frogs! — with a BA in journalism and psychology. During her senior year, she worked as an intern at the Center for Strategic and International Studies in Washington, D.C., and moved back to the capital after completing her degree because, like Shrek, she feels most at home in the swamp. Foresman previously worked at Scoop News Group as an editorial fellow.

Latest Podcasts