Governing: Are States Taking Cybersecurity Seriously Enough?

08.12.2019 / By KATHERINE BARRETT & RICHARD GREENE
Governing: Are States Taking Cybersecurity Seriously Enough?

“Cabinet-level positions reflect priorities,” says John Marion, executive director of Common Cause Rhode Island, which is focused on election security. “Eliminating this independent office has lowered the priority of cybersecurity in Rhode Island state government.”

A spike in cyberattacks in recent months has left state and local governments reeling. Baltimore faces more than $18 million in losses following a May ransomware attack. Several Florida cities were hit in June. And Los Angeles police data was hacked in late July.

2018 report from the National Association of State Chief Information Officers (NASCIO) found one unidentified state undergoing 300 million attacks a day — up from 150 million two years before. Cybersecurity and risk management is at the top of CIOs’ list of 10 priorities for 2019, according to an annual NASCIO survey.

Rhode Island was making it the biggest priority. In 2017, it became one of only two states with a cabinet-level cybersecurity position. (The other is Idaho, according to Meredith Ward, NASCIO’s director of policy and research.)

But this pioneering approach wasn’t long-lived in Rhode Island.

Last month, the position was removed from the state’s 2020 budget. High-level officials in the state, including its CIO, are confident that cybersecurity will continue to be a priority, but others worry it will receive less attention.

“Cabinet-level positions reflect priorities,” says John Marion, executive director of Common Cause Rhode Island, which is focused on election security. “Eliminating this independent office has lowered the priority of cybersecurity in Rhode Island state government.”

See More: Election IntegrityVoting & ElectionsVoting & Elections