Coordinated effort needed to stop hackers in tracks
The U.S. is facing a shortage in cybersecurity talent, with thousands of well-paying positions going unfilled . ... It’s a win-win – equipping our residents with skills to succeed and boosting both our economy and cybersecurity capabilities.
Cyberattacks are on the rise and so are the impacts to everyday life. Health care systems in multiple states have been hit with ransomware attacks, forcing canceled surgeries, delayed treatments and diverted ambulances.
Hackers have accessed city water treatment plants, attempting to alter chemicals in the local water supply. In one of the more well-known incidents, hacking activity triggered the shutdown of a major energy pipeline in 2021, disrupting fuel supply up and down the East Coast.
From governments to businesses to individuals, we all have a role to play in cybersecurity. And coordination – between the public and private sectors, and among federal, state, and local governments – is critical.
Officials representing all these sectors are gathering in Columbus this week for the fifth National Summit on State Cybersecurity. Organized by the National Governors Association, the summit is an opportunity for those on the cyber frontlines to strengthen cooperation and share knowledge.
As governors prioritizing cybersecurity in our states, we welcome the chance to collaborate on bipartisan solutions.
The need for action has never been more urgent. Even before Russia’s invasion of Ukraine raised cyber threat levels, ransomware attacks – in which hackers demand payment to retrieve access to data and systems – jumped 78% between 2020 and 2021, according to cybersecurity analysts. Attacks on schools, health care, and federal, state and local government agencies have skyrocketed, accounting for more than 2,300 incidents in 2020.
Smaller towns and organizations often lack the personnel and financial resources, including technology and software currency, for thorough cybersecurity protections – making them especially vulnerable.
Congress recently approved $1 billion in funding for state and local cybersecurity grants under the bipartisan Infrastructure Investment and Jobs Act. This historic investment is a good start, but there’s more policymakers can do to strengthen federal-state partnerships, including a continued commitment to funding and close coordination with states to develop uniform guidelines for private utilities and other critical infrastructure.
The impacts of cyberattacks aren’t contained by state or county lines. Response time is critical, but the reality of different cybersecurity resources and standards in different areas can hamper a coordinated response, particularly the speed to identify and remediate a cyber event.
That’s why states are getting creative to stretch dollars and stitch local capabilities into a cohesive shield.
One of the ways we’re doing that in Ohio is through the Ohio Cyber Reserve, a civilian volunteer cyber force established in 2020 under the command of the adjutant general. In coordination with the Ohio National Guard, the Ohio Cyber Reserve is organized into regional teams of trained and certified cybersecurity experts across the state, ready to deploy and respond anywhere in Ohio where a cyber incident occurs.
The adjutant general also leads the Ohio Cyber Range, which is a technology platform used by Ohio’s universities, technical schools, and high schools to train the next generation of cyber professionals. Ohio has also recently created a new cabinet-level position within the governor’s office to guide Ohio’s wide-ranging cybersecurity efforts across state agencies.
North Carolina’s whole-of-state strategy includes a Joint Cybersecurity Task Force. Formally established by the governor’s executive order in March 2022, the task force encompasses the state’s Department of Information Technology, Emergency Management, National Guard and Local Government Information Systems Association Cybersecurity Strike Team, and it fosters cooperation between the public and private sectors to fight cyberthreats to critical infrastructure.
Adding to its arsenal, North Carolina also enacted legislation that prevents government entities from paying ransomware.
It’s no coincidence that the National Guard plays a central role in each plan. Cybersecurity incidents have evolved well beyond the mere breach of personal data – as serious as that is – to transnational threats that impact our national security, health, safety, well-being, and economy.
We need workers for these efforts, and that’s where students, parents, and schools come in. The U.S. is facing a shortage in cybersecurity talent, with thousands of well-paying positions going unfilled. That’s why many states, including ours, are prioritizing computer science and cybersecurity education. It’s a win-win – equipping our residents with skills to succeed and boosting both our economy and cybersecurity capabilities.
The cyber threat is complex and evolving, but our states are up to the challenge.
Mike Dewine is the governor of Ohio. Roy Cooper is the governor of North Carolina.