Seven technology industry groups on Monday added their support to a push for dedicated cybersecurity aid to state and local governments to be included in the next round of federal relief to the COVID-19 pandemic. The letter, which is addressed to House Speaker Nancy Pelosi, D-Calif., and Minority Leader Kevin McCarthy, R-Calif., urges the aid as a measure to help governments defend themselves against emerging cyberthreats as they continue to run their operations largely via telework.
“COVID-19 has upended every aspect of American life, including significantly increasing the need to maintain and secure State and local networks, clouds, and end points,” the letter reads. “These systems provide critical services, particularly as residents increasingly telework, access State resources online, and depend on state and locally-owned and operated critical infrastructure including hospitals. State and local entities, however, have long lacked the resources to adequately secure and maintain their digital infrastructure.”
The letter was signed by the Computer Technology Industry Association, or CompTIA; the Software Alliance; the Alliance for Digital Innovation; the Cyber Threat Alliance; the Global Cyber Alliance; the Information Technology Industry Council; and the Cybersecurity Coalition. It follows on a similar request to Pelosi and McCarthy made last week by four Democratic members of the House Homeland Security Committee.
The industry groups note in their letter the steady rise in cyberattacks, especially ransomware, against governments over the past few years, but warn that the sudden shift to widespread remote work — coupled with the health threats posed by the novel coronavirus — make states and cities even more vulnerable.
“During this unprecedented period, State and local cybersecurity and IT workforces have seen their capacity diminished by health concerns and telework inefficiencies,” the letter states.
And an unprecedented need for government services to be delivered digitally, from unemployment benefits to COVID-19 screening to online voter registration, only heightens the need to invest in more cybersecurity resources, the groups argue. While social distancing mandates have made mass telework necessary, they say, it has resulted in government employees using personal devices that have not been vetted by IT security officials, an increase in the use of unsecured home Wi-Fi networks, rapid spending on third-party software that has not been adequately tested and significant increases in the costs of providing technical support to workers when an in-person help desk is unavailable.
Attacks against local governments have not slowed down — on Friday, the assessor’s office in Orleans Parish, Louisiana, reported it had been the victim of a ransomware attack.
Meanwhile, governors and mayors have started cutting their budgets as the economic collapse brought on by the pandemic hammers tax revenues. The National Governors Association, led by Maryland Republican Larry Hogan and New York Democrat Andrew Cuomo, have called on Congress to give states $500 billion to address revenue shortfalls. The governors got some good news Sunday, when Sens. Bill Cassidy, R-La., and Robert Menendez, D-N.J., proposed an aid package to states and cities.
The industry groups’ letter did not specify a specific amount of funding that should go toward state and local cybersecurity, though the House Democrats who made a similar call last week pointed to proposed legislation that would create a $400 million annual grant program.
Read the letter: