How Local Governments in Rural America are Combatting Cybersecurity

Shane McDaniel, Director of Information Technology at City of Seguin

Shane McDaniel, Director of Information Technology at City of Seguin

Cybersecurity is all-inclusive, it doesn’t matter where you live, work, or play. The current state of cybersecurity is the most challenging aspect of my role in today’s technology ecosphere.There were 966 identified public sector ransomware attacks with a total impact in excess of $7.5 billion in 2019. As a rural community in South Texas, my organization has had over five million intrusion and three hundred impersonation attempts thus far in 2020. It’s an uphill battle for all IT professionals, with every organization literally a click away from unmitigated disaster.

At the time of this writing I have worked in technology for twenty-four years and witnessed the specialized cybersecurity field evolve from nonexistence to an essential need in seemingly the blink of an eye. The speed in which this specialized subsect of IT came to be has left many in local government scrambling to keep up. Local government budget cycles and financial limitations complicate neededorganizational cybersecurity evolution. If an organization has not dealt firsthand with a cyber incident wreaking havoc within their environment, it can be difficult for non-technical administrative staff to sign off on investingin staffing and other precautionary measures to protect fundamental business processes and infrastructure. It’s all part of that uphill battle.

Larger cities have accommodating budgets to afford resources, tools, and services, that’s not a luxury many inrural America have. Even if rural cities had accommodating budgets, they would be fortunate to find candidates with the fundamental skillset requiredand willing to work for less than what they would be making in a similar capacity for corporate America. Prior to working in local government,I worked in cybersecurity in the private sector. It was estimatedat that time the unemployment rate for cybersecurity professionals was near zero percent.We couldn’t keep positions filled with on average 25-40% higher salary ranges due to the competition for talent. Turnover in the field is substantial, further muddying the waters for long term organizationalsecurity needs.

It’s not all doom and gloom though, quite the contrary actually. Local governments have a litany of resources available to them at little to no cost. In 2019 my home state of Texas signed into law House Bill 3834, mandating annual security awareness training for local government employees. Resources were provided through the Texas Department of Information Resources (DIR) to help agencies become compliant. The DIR website itself provides an abundance ofknowledge sharingdocumentation and templates to aid in taking a more proactive approach in preparing for a cyber incident.

The state also stood up the Texas Cybersecurity Council, representinga public and private sector venture to ensure critical infrastructure and sensitive information is protected. The Texas Information Sharing & Analysis Organization (TxISAO)was established in 2019 and is a phenomenal resource for patches, updates, and awareness notifications. Texas also allows cybersecurity emergencies to be declared as disasters, meaning if a significant incident were to occur there are nowestablished procedures for government entities to leverage for immediate assistance.

For those outside of Texas, the Department of Homeland Security Cybersecurity & Infrastructure Security Agency offers services for entities to gain an advantage in securing their environments. CISA repscan offer state, local, and tribal governments services such as cyber resilience reviews, risk and vulnerability assessments, and pen testing. Steps have been taken at the federal and state level to address critical water and electric infrastructure security. The American Water Infrastructure Act requires drinking water systems serving more than 3300 people to develop or update risk assessments and emergency response plans. In 2019 the Texas Legislature passed Senate Bill 936 securinggrid infrastructure and cybersecurity monitoring for electric utilities. The Center for Internet Security’s Multi-State Information Sharing & Analysis Center is another valuable and free resource for government entities providing critical alerting information.

Being in Texas one of the greatest assetsto subsidizing organizational cybersecurity needs is the statewide organization for local government IT professionals TAGITM. The Texas Association of Government IT Managers is comprised of 350+ cities, counties, ISD’s, and affiliate members. Several of the member agencies are ahead of the game with cybersecurity staffing and despite being a large state, local government IT professionals are a close, tight knit community. In non-pandemic times the organization puts on an incredible annual conference and holds multiple regional education events across Texas. There is an active listserv that is invaluable for knowledge sharing and communication.

Recently TAGITM fostered the establishment of regional cybersecurity mutual aid agreements between agencies. A GIS map will be published soon on TAGITM.org showing participating members and contact information for those interested in joining. Due to the great relationships forged within the organization, prior to formalizing the mutual aid pacts assistance was never more than a phone call away. For our next-door neighbors looking to enhance their cybersecurity environments, organizational bylaws were recently updated to allow for neighboring state local government entities to join. Peers in Louisiana, Arkansas, and Oklahoma are now eligible to become members for a more advanced state of preparedness in the event of a cyber incident. That’s the beauty of working in local government, we’re not competing with one another. We’re incorporating measures andaligning resources to best protect our communities through a unified stance.

Read Also

Navigating the Changing Cybersecurity Landscape

Navigating the Changing Cybersecurity Landscape

Mark Leary, VP & CISO, Regeneron Pharmaceuticals
The Changing Facets in Enterprise Security Space

The Changing Facets in Enterprise Security Space

Greg Barnes, Global CISO at Amgen
Open Sources, Open Doors or How to Innovate in a Competitive Cloud Market

Open Sources, Open Doors or How to Innovate in a Competitive Cloud...

Garrick Stavrovich, the Lead Product Manager for Nasdaq’s Global Information Services
How AI will play a crucial role in the defense against cyber attacks

How AI will play a crucial role in the defense against cyber attacks

Scott Southall, Regional Head of Innovation, Asia Pacific, Citi
Building NextGen Enterprise Risk Management Capabilities

Building NextGen Enterprise Risk Management Capabilities

Chee Kong Wong, EY Oceania and EY Asia-Pacific Governance Risk and Compliance (GRC) Technology Leader
Implementing IAM to Boost Growth

Implementing IAM to Boost Growth

Tamsyn Weston, Head of IT Solution Development, EUROPEAN TYRE ENTERPRISE LIMITED