Mission Viejo has been singled out as a “model for how cities can execute a robust cybersecurity plan on a smaller scale.”
Writing in Data-Smart City Solutions, Sari Larson highlighted both Los Angeles and Mission Viejo for their efforts in this critical and topical area. Larson is a research fellow with the Civic Analytics Network:
Cybersecurity isn’t a new priority for government, but investment in technologies and responsive policies that protect against attacks has lagged in recent years. Cyberattacks have evolved to become more sophisticated and complex, making it imperative that governments invest in technical and policy solutions that address the dynamic nature of these threats. Indeed, according to the National Association of State Chief Information Officers, cybersecurity was ranked as the number one strategic IT priority in 2015 for state and local agencies.
While experts in information security recognize the dire need for more attention on cybersecurity, it can be challenging to make it a priority throughout an organization. The key is recognizing the prolific threat of cyberattacks. “Living with risk is the new normal, and managing it is as an essential part of achieving optimal performance in digital government,” explains William Eggers, executive director of Deloitte’s Center for Government Insights. To stay ahead, government should evolve and build “strong capabilities for detection, response, reconnaissance, and recovery.”
Cities face challenges in protecting government data, yet investments in cybersecurity vary due to local priorities and strapped resources. Los Angeles, CA, the second largest city in the country, is investing in new technology and partnering with the private sector to spur innovation. The policies Los Angeles implemented can be scaled up or down depending on a city’s size and capacity. Mission Viejo, CA, a suburban city with a population nearing 100,000, serves as a model for how cities can execute a robust cybersecurity plan on a smaller scale.
The chief information security officer (CISO) of Los Angeles, Tim Lee, and the mayor of Mission Viejo, Frank Ury, represent cities that stand out in their efforts to make cybersecurity a top priority in California, a state facing the most network attacks of any other state in the United States, according to Akamai’s a real-time web monitor. Here are the key takeaways from these two very different cities that are both leveraging resources and instituting comprehensive response policies to be cyber resilient.
- Establish a Secure Funding Stream
As government becomes more connected and data-driven, it is crucial that agencies prioritize cybersecurity as a key expense in their IT budget.
Cities can use recent trends on the federal level to justify an increase in cybersecurity investment. A federal budget proposal for fiscal year 2017 revealed that the White House plans to increase its cybersecurity budget by 35 percent. Mayor Ury and CISO Lee encourage local governments to devote 15 percent of their IT budget to cybersecurity.
There is a local push to spend more money on cybersecurity to bolster two key technical efforts: situational awareness and threat intelligence. Situational awareness is a broad term used to describe the internal review process that allows an agency to evaluate the risk associated with all data assets and identify systems that require advanced security measures. Threat intelligence helps agencies understand the complexity and frequency of the different types of cyberattacks. A greater investment in cybersecurity will allow cities to be proactive about protecting government data. This investment also helps keep government running properly. Cities do not expect to function with their network down for a few days, so they should not expect their whole enterprise to be down for that amount of time, either. This scenario is entirely possible if cities undervalue the importance of cybersecurity.
- Hire and Retain Cybersecurity Talent
Government has always struggled to attract and retain tech talent, so it comes as no surprise that this trend persists in such a technical field as cybersecurity.
Bringing in a cybersecurity expert is expensive and many decision makers are unable to see the return of investment on having these experts on retainer. With tight municipal budgets, it can be difficult to plan for low-probability, high-risk scenarios. However, attacks are increasing in frequency and are more likely to penetrate a system that is poorly protected.
Mayor Ury and CISO Lee encourage cities to find room in their budgets for these specialists. Often the best way to do this is to hire a CISO who will work to protect the agency’s information by addressing the significant disconnect between policy and tech and prioritizing cybersecurity. Smaller cities that lack the capacity for a CISO could contract out or hire a part-time specialist.
A third alternative would be to coordinate a joint powers authority with other cities in the region. A shared services model would allow smaller cities to share resources and aggregate their spending to help buy cybersecurity services. In fact, Mayor Ury is working with other cities in Orange County to build a shared services network to support cybersecurity investment.
CLICK HERE to read the rest of the article.