Right now, Congress is considering a myriad of bills on cybersecurity. The most pitched public debate has surrounded the private sector, civil liberty, and privacy concerns. However, state and local government participation is crucial to securing our citizens’ safety. That’s why NLC and other state and local organizations sent leading stakeholders in Congress a letter with “key principles and values” to consider in any cybersecurity legislation.
While the Administration has taken many steps on its own, new legislation is necessary to codify how federal, state, and local actors share information, and what steps the federal government can take to secure cyberspace. That is why NLC passed a resolution at its 2011 Congress of Cities urging further federal action and intergovernmental collaboration to improve our defense against cyber threat at all levels.
The internet was built as an open resource sharing platform to foster innovation. Forty years removed from its humble roots as an academic curiosity on a few university campuses and government labs, the internet has infested every facet of our lives. With more than half of wireless phone subscribers now on a “smartphone,” the only place it did not impact lives – when we walked out the front door – has officially been removed.
State and local governments are as reliant on the internet as their citizens. Municipalities utilize the internet to ease access to city services such as driver’s licenses, manage employee affairs, help first responders communicate, and implement efficiencies in the delivery of everything from unemployment services to water and electricity. While the internet has afforded us astounding conveniences and efficiencies, it also has forced us into a compromising situation. If the services we rely on to control traffic lights and send colleagues and loved ones crucial information is built on an open platform built for sharing information, how do governments protect sensitive data and crucial systems from bad actors?
It’s an issue all those who provide services are coping with, and because of this dilemma, municipal governments are at risk.
Some of the threats would seem funny if they weren’t so perilous. For instance, last month the District of Columbia and New York City’s local government websites were crippled by hackers who were angry at the federal government. It was somewhat ironic for D.C. citizens who are not represented in Congress; as a local website lamented, “We have no voting rights, and now no Internet access to local government websites.”
Other threats are much more serious. Governments are targeted for economic reasons, such as when a locality’s payroll or other account is hacked. While we have not had a crippling attack that has caused physical damage to critical infrastructure or extreme hazard to citizens, such as shutting off power to a city or adjusting the chemical formula at a water purifying plant, these serious scenarios are not far-fetched blockbuster movie ideas. Cyber incidents with hackers attempting to infiltrate utilities have already occurred. It only takes a disgruntled employee, wrathful citizen, or international actor with bad intent and the correct skills.
Three years ago, President Obama sounded a warning bell with a speech on cybersecurity, stating “it’s now clear this cyber threat is one of the most serious economic and national security challenges we face as a nation.” Since that time the Department of Homeland Security (DHS) and other entities within the federal government have collaborated with the private sector, as well as state and local governments, to defend against and respond to cyber threats. This year, DHS is requesting Congress appropriate $769 million, much of which is for “enhancing outreach to State and local governments and critical infrastructure sectors.”
Thanks to this commitment, federal, state and local government actors can collaborate to defend against these threats through entities such as the Multi-State Information Sharing and Analysis Center (MS-ISAC). A 24/7 cybersecurity operations center, the MS-ISAC acts as a public sector “SWAT” team, providing real-time network monitoring, early cyber threat warnings and advisories, vulnerability identification and mitigation and incident response.
As far as codifying and enhancing these efforts, NLC and its allies believe the principles we set forth in our letter to Congress are a sensible place to start. NLC is committed to working with Congress and the Administration to ensure that municipalities have the tools they need to secure their critical infrastructure and keep their citizens safe. There is much work left to do at every level. If the internet has taught us anything, it is that we are much more powerful collaborating to find innovative solutions rather than leaving it to each community to tackle the problem alone.