By Harry D. Raduege, Jr., Lieutenant General, USAF (Ret.), CEO of the NCC and Mark Weatherford, Chief Strategy Officer of the NCC
State, local, and federal governments are grappling with how to adapt and respond to an increasingly vast and evolving cybersecurity threat landscape.
The frequency and severity of cybersecurity attacks in the United States are accelerating at an alarming pace. These incidents don’t discriminate – they target any and all sectors including state and local governments, our military, critical infrastructure, entertainment, and financial institutions.
According to a recent analysis by Verizon, approximately 11 percent of cybersecurity incidents last year involved the public sector – our government. Governments at the federal, state, and local levels are top targets for cyber criminals and, unfortunately, IT workers often lack the resources and training to prepare for such attacks. Government organizations need a new sense of urgency that focus their attention on fortifying their institutions and building a culture of cyber resilience nationwide.
The federal government is responding to the rise in cyber threats by investing in cybersecurity infrastructure. President Biden signed the Executive Order on Improving the Nation’s Cybersecurity in May of 2021, which removed barriers to sharing threat information within the federal government, modernizes federal government cybersecurity, and establishes a Cyber Safety Review Board. While this is a good first step towards a more secure United States, there is much more that both the federal government and state governments can do to arm themselves against attacks. Most importantly, government employees must be made aware of their role in the fight against cyber-attacks, and the need for continuous training and preparations against these threats.
COVID has made cyber threats more prevalent and with more Americans working from home than ever before, bad actors are taking advantage of citizens and technology gaps in numerous new ways.
A major emerging threat we see targeting individuals online continues to be misinformation and the increasing use of deepfake-related technology to perpetuate scams and false information. Additionally, as deepfake technology improves – that is, the ability to generate fake images or videos of real situations or persons – there is growing concern about how this can be used to fuel misinformation – from consumer scams to international disruptions.
Another major threat we are seeing is a rise in phishing attempts against individuals. Americans need to be on much higher alert for fake email attempts or suspicious links that could lead them into a trap, ransoming their data for payment from them, or their organization.
It is imperative that elected officials at every level, in particular state and local officials, are aware of these threats and communicate about them to their communities. Additionally, elected leaders at every level of government need to be vigilant and forward-leaning in their support of cybersecurity initiatives in a rapidly changing threat environment. Policies take time to change – but practicing smart cybersecurity hygiene and promoting a culture of smart cyber practices is essential.
While all Americans must remain vigilant against cyber threats, state leaders themselves are often a target for bad actors because of their position as an entrance vector to many other sectors.
Because of this, private sector organizations are stepping forward to educate elected officials on best cybersecurity practices. The National Cybersecurity Center’s “Cybersecurity for State Leaders” program trained 1,300 state and local leaders nationwide during 2021 on cybersecurity best practices. But all Americans can benefit from this type of training, which is why the NCC makes their programming available to anyone who wants to take it on YouTube and through their text-to-learn program.
We believe the rise of cyber-attacks will only continue to accelerate in 2022 and urge our government at every level to put more resources and training into protecting Americans.