State and local governments facing unprecedented cybersecurity needs are taking their concerns to the federal government. The House Homeland Security Committee held a panel earlier this week, which gave beleaguered officials the opportunity to make their case for federal assistance, StateScoop reports.
As the outlet notes, Riviera City, Florida paid $600,000 in ransom last week after the municipality complied with hackers’ demands after a ransomware infection. For a 35,000-person city like Riviera City, the resources to fend off such attacks are virtually nonexistent, but major cities can also fall victim.
Atlanta Mayor Keisha Lance Bottoms discussed her city’s struggles after a ransomware attack in March 2018 wrought havoc on government functions such as court scheduling and utility bill payments.
“It’s important for federal funding to trickle down to our cities like Atlanta and smaller cities to allow us to be able to buy insurance and build stronger systems,” Bottoms told the panel. “When we experienced our cyberattack, it was clear we were not prepared. We had not made the necessary investments. We were putting patches on gaping holes.”
The vulnerabilities of Atlanta’s information technology were known risks as the city’s IT had been flagged for running nearly 100 servers on a long-unsupported version of Windows. Bottoms’ administration refused to cooperate with the hackers, opting to invest $7.2 million so far in recovery instead of paying the $51,000 ransom. Estimated costs of recovery could soar to $17 million, similar to the $18 million Baltimore is expected to pay for the ransomware attack that occurred last month.
In response to these issues, Rep. Cedric Richmond, D-La., who chairs the Homeland panel’s cybersecurity subcommittee, said he is working on a “comprehensive package” to bolster cybersecurity at the state and local government level.
However, experts such as Frank J. Cilluffo, the director of Auburn University’s McCrary Institute for Critical Infrastructure Protection and Cyber Systems, warn that funding is not enough. “Simply throwing money at the problem is not the answer,” he said at the panel.
Thomas Duffy, the senior vice president of the nonprofit Center for Internet Security, which operates the Multi-State Information Sharing and Analysis Center, voiced support of greater coordination between state and local governments. “Our success or failure will be determined by our ability to work together at all levels of government,” he added at the panel.
“We’re seeing that as more and more entities are being attacked, we’re very vulnerable and we just don’t have the resources to put into our cyber infrastructure the way we do our sidewalks and roads.”
To promote less dependency on the federal government, Cilluffo suggested that federal grants should require states to put up matching funds. Bottoms agreed, citing how matching funds for transportation projects spur investment on the state and local level.
Overall, the panel left Bottoms hopeful that increased federal support is on the horizon. “It is very encouraging just to have [Congress’] interest in cities and ways they can assist,” she said. “We’re seeing that as more and more entities are being attacked, we’re very vulnerable and we just don’t have the resources to put into our cyber infrastructure the way we do our sidewalks and roads.”