State

Former NSA director says state and local governments must ‘optimize’ cybersecurity

Retired Army Gen. Keith Alexander urged state and local governments to form a "collective defense" against threats like ransomware.

By Benjamin Freed

April 22, 2021

Former NSA Director Keith Alexander speaks at a 2017 event hosted by Fortune magazine. (Rob Lever / AFP / Getty Images)

State and local governments should band together and build a “collective defense” to improve their resiliency against threats like ransomware, former National Security Agency Director Keith Alexander said Thursday during an online panel discussion. Going it alone, Alexander said, governments have a tougher time bouncing back from cyberattacks.

“For too long, we’ve had everyone working by themselves and everyone’s getting defeated,” Alexander said during the panel, which was hosted by the Center for Digital Government. “We all have to work together. If we don’t do this then we’re getting individually hit with cyberattacks and we don’t have the visibility to do anything about it.”

One way in which state and local governments have been making cybersecurity strides over the past year is an accelerated migration to cloud-based applications, especially as they’ve had to massively expand capacity of their unemployment systems and create new services responding to the COVID-19 pandemic, added former Kentucky Chief Information Officer Charles Grindle.

“The pandemic was a catalyst for state and local customers to move from legacy systems and into secure and elastic cloud solutions,” said Grindle, who’s now a government adviser with Amazon Web Services.

Those moves, he said, potentially make agencies less vulnerable to cybercriminals who can launch attacks with relative simplicity.

“There’s an arsenal of tools available even to the most under-resourced cybercriminals,” Grindle said.

But both Alexander and Grindle said there may be promise for state and local government cybersecurity ahead with the recent passage of the American Rescue Plan, which includes about $350 billion in direct aid for states and local governments.

“The American Rescue Plan is an opportunity for leaders in state and local government to shore up those vulnerabilities and position their organizations for the future,” Grindle said. “This is an opportunity for those same leaders to continue that journey and securely modernize applications and provide services.”

The National Association of State Chief Information Officers has also said its members expect to be able to use some of that money to fund IT and cyber modernization efforts in their states.

Alexander, who now runs IronNet, an endpoint detection and response platform, stressed collaboration between governments, a trend that’s long been promoted by groups like NASCIO and the National Governors Association.

“This is where the state and local governments can be really effective,” he said. “By pooling their resources, they’ll show the way collective defense can be used.”