Recasting cybersecurity as another essential public service, just like safety or water or electricity, can help local government leaders make the case for cybersecurity funding. Here’s how.
There is a unique and often overlooked inverse relationship between the size of public sector government entities and the impact they have on the residents who make use of public services. This relationship creates a disproportionate burden on local governments, which may be small in size but have a large potential impact on the daily lives of their constituents.
It is most often the local governments that are responsible for the delivery of essential services such as public safety communications, power generation and distribution, water treatment and waste removal. And, when such critical infrastructure is compromised by a cybersecurity event, such as a ransomware attack, the lives of local residents are upended.
In effect, the expanding modern attack surface appears to create a disproportionately larger “affect” surface as the size of the jurisdiction gets smaller.
Cyber criminals don’t discriminate based on size when attacking government entities: any jurisdiction is fair game, from the largest federal agency down to the smallest city government. Because cybersecurity funding is very limited in local government, county and city officials should consider ways to increase public awareness of the need for increased investment in cybersecurity by tying it to existing public services that are fully supported and admired by constituents and to campaigns that will garner broad public support, such as reducing the “digital divide.”
3 Ways Local Governments Can Change the Cybersecurity Conversation
Here are three ideas for how local governments can change the dialog around cybersecurity to help constituents understand the importance of investing precious public resources in such efforts:
- Include cybersecurity as a key element of public safety. The cybersecurity budget line item in state government is less than 3 percent of the total IT budget, according to a 2018 study by the National Association of State Chief Information Officers (NASCIO); anecdotally, we hear that the local cybersecurity budget is often even less. Public safety is a much larger component of local budgets, in part because the public can see where their tax dollars are going in the form of more police officers and firefighters. Yet, cybersecurity is essential to keeping increasingtly internet-facing critical infrastructure safe and secure. It is a true statement that “cyber tools don’t rescue cats from trees,” so it is unlikely that they will ever be valued as highly by local taxpayers. But what if we spoke of cybersecurity in the language of public safety? For example, framing predictive prioritization of cyber vulnerabilities as an essential public safety measure — much like local governments justify the spending on tools like CompStat for law enforcement or SeeClickFix systems for community alerts — would demonstrate that public funds are being used as efficiently as those used to address violent crime and quality-of-life needs.
- Make cybersecurity a community campaign. If public services go down then everybody suffers, especially the most vulnerable in society. Homebound seniors may see interruption in their remote medical devices if power is lost. Low-income residents may not be able to get to work if public transportation is interrupted. And a loss of public safety communications, such as 911 service, can lead to loss of life. All of these scenarios are acutely felt at the local level and will certainly affect a large segment of the population. Avoiding these interruptions is thus a community responsibility and can be used as justification to rally support for public campaigns to improve cyber hygiene and increase awareness of cyber threats.
- Utilize cybersecurity curriculum in K-12 education in to shrink the digital divide. Internet of Things (IoT) and web-based applications to streamline service delivery are showing great promise but they also have the potential to widen the digital divide. Cities are making broadband access available to larger segments of residents but it may not be utilized equally by all. Promoting cybersecurity skills and tools in K-12 education can help close this divide by making cyber careers more accessible to a larger swath of the community, breaking down barriers of entry to IT careers and affecting multiple generations, as students instruct their parents and other family members on the importance of cybersecurity and the value of digital transformation.
Helping residents understand the link between cybersecurity and the most basic public services is an important step in making the case for increased funding. These three ideas are one way for officials to begin the conversation and raise awareness of the importance of keeping critical infrastructure safe and secure.
- Read about Tenable’s Predictive Prioritization offerings.
- View the on-demand webinar Cybersecurity in Public Sector: 5 Insights You Need to Know.
- Read about Tenable’s Operational Technology solutions.