December 20, 2023 at 08:00AM
Michael Gregg, CISO for North Dakota, discusses leveraging grants to reduce cyber insurance costs for municipalities. The US Infrastructure Investment and Jobs Act enables states to enhance cybersecurity through the State and Local Cybersecurity Grant Program. Connecticut’s CISO, Jeff Brown, emphasizes the importance of collaboration and support to improve cybersecurity at the local level. The discussion also covers partnering with vendors to provide security tools and efforts to address the talent gap in the public sector.
The key takeaways from the meeting notes are as follows:
1. State CISOs, such as Michael Gregg of North Dakota and Jeff Brown of Connecticut, are focused on leveraging funding from grants to implement cybersecurity controls such as endpoint detection and response, antivirus, and security awareness training in order to reduce cyber insurance costs for municipalities, schools, hospitals, and other government agencies and facilities. They emphasize the importance of creating long-term cost savings while frontloading the costs of implementation to create a sustainable security system.
2. The US Infrastructure Investment and Jobs Act (IIJA) of 2021 has established the State and Local Cybersecurity Grant Program (SLCGP) to provide funding for cybersecurity initiatives. State CISOs and task forces are challenged with using this funding wisely to avoid building infrastructures with long-term obligations that outlive federal grants.
3. State CISOs find value in directly collaborating and sharing threat intelligence with their counterparts in other states, as it allows for faster and more actionable data. They also leverage resources such as free MS-ISAC tools and services and engage in cross-collaboration to share threat intelligence within their states.
4. Collaboration between public and private sectors is recognized as essential for effective cybersecurity. States are setting up agreements with vendors to provide security tools to local operations in order to make federal grant funding go further. These agreements allow states to provide tools to smaller governmental entities for free or at highly discounted prices, while ensuring compatibility and integration of the tools.
5. The public sector faces challenges in finding trained cybersecurity staff willing to work for less pay than comparable private sector positions. States are exploring innovative approaches such as recruiting and training nontraditional cyber talent through programs and partnerships with local entities, as well as offering internships to provide practical experience.
These takeaways highlight the proactive efforts of state CISOs in allocating resources, facilitating collaboration, and addressing challenges to improve cybersecurity in their respective states.