Iowa has developed a strategy that could help counties across the country better share information about cybersecurity threats, said Robin Harlow, the innovation and research manager for the Iowa Association of Counties.
During a presentation at the National Association of Counties’ Legislative Conference Chief Information Officer Forum Friday, Harlow said if other states adopted Iowa’s model, it could revitalize the currently dormant cybersecurity information sharing and analysis organization, or ISAO, for counties — and better protect local governments’ systems.
The Iowa Association of Counties set up a process where it collects information about potential threats and pours that data into a National Association of Counties-backed forum called a County Innovation Networks, or COIN. Through the COIN, counties can share information and best practices on addressing threats, he said.
In Iowa, some rural counties don’t have cybersecurity-focused staff, and county auditors with no technological background get stuck managing IT systems and securing government networks.
The COINs, he said, help make the task of handling cybersecurity more manageable.
“We’ve established a secure environment that’s going to allow us to have the educational opportunities and information exchange and also provide support to these smaller counties,” Harlow said.
During his presentation, he pressed other state county organizations to set up their own mini-COINs that would, in turn, feed information to the nationwide ISAO for counties. The basis for the ISAO — dubbed the U.S. Counties Cybersecurity ISAO Clearinghouse — is already in place, Harlow said. It’s just a matter of getting other states and counties on board.
In Harlow’s vision, the mini-COINs would give nontechnology officials access to critical cyberthreat information they need to make decisions.
“ISAOs give us the ability to have these conversations with people who don’t have a technical background but end up managing technology,” Harlow said.
Harlow doesn’t have a timeline for how soon the coalition of mini-COINs could come to fruition, and noted that the work he’s pioneered in Iowa is still in its early stages. Overall, the efforts to share information with other governments on a broader scale is designed to help county governments big and small continue the conversation around cybersecurity and ultimately better protect the personal data of citizens, Harlow said.
“It’s not about having a cybersecurity month in October, it’s about having a contact with [a cybersecurity-focused] individual maybe once a week,” Harlow said. “I think the ISAO conversation is about how do we get these on these [non-technology] officials’ radar.”