Public Safety Seeks Affordable Cybersecurity Training
The value of cybersecurity training for local public safety agencies may outweigh its cost, Texas fire and police officials said in testifying Thursday at a field hearing of the House Homeland Security Subcommittee on Cybersecurity at Austin College in Texas. But providing staff with affordable training can be a challenge, they said. Finding skilled staff also is difficult, a state-and-local panel said at a workshop in Gaithersburg, Maryland, on the National Institute of Standards and Technology’s Cybersecurity Framework (see 1604060047). Separately, the National Association of State Chief Information Officers (NASCIO) released a states’ guide to cyber disruption response planning.
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
At the House cybersecurity hearing, Chairman John Ratcliffe, R-Texas, said the public safety officials’ testimony will help his subcommittee assess cyber training and workforce needs at state and local levels. “Cybersecurity is a shared responsibility including all levels of government and the private sector,” he said. “While much has been done to improve our nation’s cybersecurity, there are a number of challenges that remain."
Access to adequate cybersecurity training yields great value to the community, said Don Waddle, a retired detective from the Greenville (Texas) Police Department. “I’m grateful for the training that I received, but my citizens were the major benef[iciaries] of that training because I was able to do a better job for them.” Rep. Michael Burgess, R-Texas, said Congress should remember that value when scrutinizing the price tag. “Everything is looked at as a cost, but as I listen to you provide your testimony, it also occurred to me that there was value brought back to your department in Greenville [and] you brought value back to the community.”
Police recognize the need to do more cyber training, but there needs to be more affordable access to timely training, said Lt. Richard Wilson of the Dallas Police Department. Funding is a big challenge, and scholarships for training would help keep public safety officials up to date on how to defend against cyberattacks, he said. The Dallas police rely heavily on computer networks, and it’s a big problem if they fail, he said.
Affordable training is available to public safety providers, but there is low awareness of how to access it, said Alphonse Davis, deputy director of the Texas A&M Engineering Extension Service (TEEX). With funding from the Department of Homeland Security and the Federal Emergency Management Agency, TEEX has trained 32,000 people across the U.S., “but when we look at what portion of those numbers come from the state of Texas, for example, or if I go to state and local districts, those numbers are very, very small.”
Retention of skilled cybersecurity workers is a challenge for local governments, said panelists at the NIST workshop. The two-day event was to gather input for updating the voluntary framework that was released in February 2014 and is designed to help organizations manage cybersecurity risks (see 1602240065). It’s difficult for state and local governments to pay people with cyber skills what they should be paid, said Michael Dent, chief information security officer for Arlington County, Virginia. “And then when we get them trained up to that skill level, they’ve got that bright offer somewhere out there so then they leave.” Dent said he’s been understaffed for a long time, but expects he will add some new people soon. “I’ve not had any increase in staff in over 15 years, and now I’ve got the hope of having two.”
Similarly, Colorado got funding to buy cybersecurity tools, but “one of the things we’re having problems with is having the appropriate staff to actually be able to implement the tools in a timely manner to be able to use them effectively," said Alfred Anderson, an official from the state. "We have the tools, we have the strategies, we know what controls we’re going to implement, [but] we don’t have the staff to do it,” he said.
NASCIO Guidance
States must develop, enhance and test capabilities for responding to cyberattacks that could disrupt continuity of government, NASCIO said as it released a cybersecurity guide on Thursday. The guide includes a report on cyber disruption response planning, a checklist and a cross-functional process description. “This guide is both a practical implementation document and a call to action for states to develop state cyber disruption response plans,” said NASCIO President Darryl Ackley, cabinet secretary for the New Mexico Department of Information Technology. “We’ve provided guidance on how to get started and who needs to be engaged.”
Collaboration and integration are critical aspects of a strong response to cyberattacks, the guide’s authors said. “With support from the U.S. Department of Justice, Bureau of Justice Assistance, NASCIO is focusing on cyber disruption response planning guidance to help states begin to develop an approach that brings together various agencies such as Homeland Security, law enforcement, emergency management and the National Guard,” NASCIO Executive Director Doug Robinson said. “Cybersecurity is a team sport and these partners bring the necessary capabilities for responding to a major cyber event that could have dire consequences.”
The NASCIO cybersecurity guide is version 1.0; it will be updated with input from states and other stakeholders, Ackley said.