Recently Governing magazine reported on the Beyond the Beltway event in Washington, D.C., where technology industry executives heard from government chief information officers regarding major tech investments that cities, counties, and states are expected to make in the coming year. The Center for Digital Government’s Vice President of Research Joe Morris emphasized cybersecurity as a top priority for local government IT spending, and pointed to the potential of long-term financial consequences for governments that fail to commit to increased cybersecurity spending.
The article remarks: “Citing the rise of ransomware attacks over the past year, as well as the increasing dollar amounts of ransomware demands, Morris noted that real financial consequences above and beyond ransoms are also starting to emerge. Financial ratings companies are now paying attention to cyber-related vulnerabilities from government organizations.”
Morris’ point regarding the increasing awareness of financial ratings companies towards cyber-related vulnerabilities underscores the crucial nature of a strong cybersecurity infrastructure at all levels of government. There is a much stronger chance of attack when the federal, state, and local levels are not completely aligned on policy. As we uncovered in our just-released white paper (“Stealing from the States: China’s Power Play in IT Contracts”), The National Association of State Procurement Officers (NASPO) does not currently consider cybersecurity during their evaluations of state contracts with foreign corporations. While federal policy directs information security for federal agencies, states must determine their information security standards, creating a patchwork network of cybersecurity standards that does not effectively deter potential threats.
As a starting point, we recommend that NASPO lead the way in this regard by partnering with federal agencies such as the Department of Commerce or Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA) to develop recommendations for assessing the security of products. This will align state and federal policy and prevent the threats mentioned by Morris from becoming a reality.