State-Federal collaboration is going to be essential in combating state and local cyber threats, according to witnesses at a cybersecurity congressional hearing on Tuesday.
“States have constantly ranked their cyber capabilities among the lowest capabilities,” said Rep. Dan Donovan, R-N.Y. “What is preventing us from reaching an appropriate level of cybersecurity?”
“This has to be one team, one fight,” Mark Ghilarducci, director of Emergency Services in the Office of the Governor of California, told the subcommittees on Cybersecurity, Infrastructure Protection, and Security Technologies and Emergency Preparedness, Response, and Communication.
Ghilarducci noted that California had already established a California Cyber Integration Center (Cal-CSIC) to expand on information-sharing within the state. Similarly, New York deals with cybersecurity problems through its New York State Intelligence Center (NYSIC), which operates as a fusion center of state, local, and Federal information. Yet these types of centers have had more success coordinating within the states rather than with Federal and other state agencies.
Robert Galvin, chief technology officer for the Port Authority of New York and New Jersey, told the committee members that the Federal focus should be “making sure there are plans in place to respond, and that there is coordination between organizations, not just within an organization.”
“There is no one organization that is responsible for coordinating a response to a coordinated attack,” he said.
Even when communication between Federal agencies and states does occur, the information is not sufficient to protect state cyber interests.
“More often than not, fusion centers do not receive cybersecurity information in a timely manner,” said Lt. Col. Daniel J. Cooney, assistant deputy superintendent for the New York State Police’s Office of Counter Terrorism. He also found that the information that his state’s fusion center did receive was often too classified to be sent to the appropriate responders in the state.
“Every level of government is constantly having to face and respond to these threats, so we all have to work together,” Rep. John Ratcliffe, R-Texas, agreed with the witnesses.
Three of the five witnesses listed having an avenue for collaboration and information sharing as a top issue for states. Other major issues addressed were workforce deficiencies, readiness, and education.
“People with IT security skills are the most difficult to recruit and retain for states,” said Brig. Gen. Steven Spano, president and chief operating officer of the Center for Internet Security. He encouraged an increased emphasis on science, technology, engineering, and math (STEM) in K-12 education, to create a larger pipeline of IT professionals in the future.
“Education is essential,” Galvin agreed, asking the committee to consider sponsoring a national cybersecurity education campaign. He also proposed increased education and training of current response personnel, citing the fact that standard terrorism response teams receive regular training and testing of their preparedness. “Cybersecurity professionals can benefit from the same rigorous testing of our readiness,” he said.
“We are at an age of transitioning into a next-generation cyber community,” Ghilarducci said.