Editorials: Cybersecurity doesn’t stop at the federal level — our states need help | John DeSimone/The Hill
This week, Congress reintroduced the State Cyber Resiliency Act, which encourages state and local governments to strengthen their defenses against cybersecurity threats and vulnerabilities. The bill, originally introduced in 2017, would create and authorize the Department of Homeland Security to run a grant program for states to develop, revise or implement cyber resiliency measures — including efforts to detect, protect, respond to, and recover from cyber threats. This legislation is good news for local government leaders, businesses and civilians who have been victims of ransomware and other forms of cyberattacks targeted at major cities. Local governments are an attractive target for malicious actors, including the massive cyberattack on the city of Atlanta last year and the recent ransomware attack in Albany, NY. As attacks increase in frequency and sophistication, increased funding at the local level is needed for cyber training and enhancing recruitment and retention efforts, ultimately helping ensure public safety. Just because a cyberattack is focused on one city — or even smaller, one sector of infrastructure within a city — does not mean the consequences are minor. In the example of the SamSam ransomware attack in Atlanta, the more than week-long event caused major disruption in five of the city’s 13 local government departments and ultimately cost the city $17 million. Impacting citizens, the system shutdown crippled the court system, limited vital communications involving critical infrastructure requests and forced the Atlanta Police Department to file paper reports. Empowering officials at the state and local level to easily detect and deter such preventable breaches like ransomware could save millions of dollars in damages.