A group of local-government cybersecurity leaders agreed Thursday that their organizations’ cultural attitudes pose some of the greatest roadblocks to more secured systems.
The challenges, they said, include walled-off agencies, employees’ discomfort with mandatory trainings and users’ unease with increasingly standard procedures like multi-factor authentication and single-sign-on protocols. But those mindsets can ease the path for malicious actors seeking to freeze up government networks with ransomware or disrupt critical infrastructure like power and water facilities.
“The biggest issue is culture,” Shannon Lawson, the chief information security officer of Phoenix, said during an online event hosted by Data Connectors, a professional network for the cybersecurity industry. “We have a lot of siloed departments. We have a lot of people who still think this problem isn’t going to happen to us. These mistakes are costly.”
Dallas CISO Brian Gardner said his job has been made somewhat easier thanks to statewide regulations that require cyber hygiene training at least once annually for all state- and local-government workers. The regulations, which went into effect with a 2019 law, also give officials like Gardner the power to restrict network access for employees who refuse the trainings.
“It’s a little bit of a mountain to climb,” he said. “I got lucky.”
But training requirements with teeth only go so far. Maricopa County, Arizona, CISO Lester Godsey said the upheaval in government technology brought on by COVID-19 has brought many challenges related to how people interact with digital services, which have radically changed the user experience.
“We’ve all faced challenges with the accelerated availabil ..
Support the originator by clicking the read the rest link below.
