Three leaders of nascent efforts to share cybersecurity information and resources across local governments this week shared how they believe their organizations are finally making headway on raising awareness on a long-neglected issue.
San Francisco Chief Information Security Officer Michael Makstman and Boston CISO Greg McCarthy said Tuesday that their Coalition of City CISOs, which they founded in 2019, is gaining steam following a recent influx of federal support. McCarthy said the federal infrastructure law, which included a $1 billion cybersecurity grant program, is forcing collaboration.
“I think historically local government and the state have worked together, but minimally,” McCarthy said during StateScoop and EdScoop’s Cybersecurity Modernization Summit. “With the infrastructure bill requiring the state to submit the plan with input from local government, it is forcing local government to come to the table and have these conversations with our state partners and understanding what the plan is.”
McCarthy said the coalition built stronger ties between local governments and the Cybersecurity and Infrastructure Security Agency and set a channel for “constructive criticism” on how the federal government provides services.
In Massachusetts, new federal funding is being used to establish a “cyber liaison” who can help municipalities surrounding Boston to strengthen their cybersecurity, he said. Makstman said local governments everywhere should consider such “regional city CISOs” as a viable model for pooling resources during a period of heightened IT risk.
“We are seeing the threat of international conflicts spill over into local governments who we are being told are the best targets,” Makstman said. “Local government is right in the middle of everything that’s going on right now, and at the same time we’re seeing more effort in the federal government in actually helping to step up our game in cybersecurity.”
Makstman pointed to the Los Angeles Cyber Lab as an information-sharing organization worthy of emulation. He also announced work to develop a group of CISOs around the San Francisco Bay Area and proposed more local governments explore regional agreements or governance structures.
“Local government is really finding its footing right now,” he said.
Monsurat Ottun, an attorney and chief cybersecurity strategist for Providence, Rhode Island, said she’s convened a similar advisory council in her region that includes participation of CISA, the FBI, state officials and the private sector.
“We don’t need to have a different CISO for every single city,” she said. “I think it’s really important for us to pool our resources and think about what’s going to be the best across the state.”
Ottun said the group convenes monthly to organize how all the levels of government can work together most effectively — “It’s like our own little ISAC where we share information about technical threats and stuff like that,” she said.
The recent attention to local cybersecurity from the federal government, she said, has “allowed us to promote what we’ve been saying for years.”