ON THE RECORD/Locals call for more help on cybersecurity
Last year, the Metropolitan Information Exchange (MIX), an organization of city and county chief information officers from the nation’s largest jurisdictions, surveyed its members about cybersecurity issues. Fifty-nine MIX members were asked questions about their knowledge of cybersecurity programs, the level of protection in their own jurisdictions and the role of the federal government in helping secure cyberspace, and many reported they could use some help. American City & County talked with Janette Pell, CIO for San Luis Obispo County, Calif., and immediate past president of MIX, about the survey’s findings, the major cybersecurity threats and the preparedness of local governments.
Q: What did you think about the survey’s findings?
A: What the findings said to me was that there are a lot of programs out there that we just don’t know about. We have no idea what is available to us, such as training and just the programs themselves. If you look at our results, a lot of people just said ‘I’ve never even heard of this.’ I’m hoping that the Department of Homeland Security can take that to heart. Because if a disaster occurs, it’s going to start locally, so we need to be involved at some level. It would be really helpful if we knew if there were any resources for us.
Q: What prompted your interest in cybersecurity?
A: It’s one of those things that we at the local level need to be concerned about everyday. Everything is done on computers now. If you have a network outage or your e-mail goes down, it’s just like having your telephone go out. We rely on it, and we don’t realize [it] until it’s not available. One of those things that keeps you up at night is how do you ensure that you protect not only the network but the data. We have very sensitive information. Those are the two areas that make me nervous and why I think it’s so important that we protect [our] assets.
Q: What are the major cybersecurity threats facing local governments, and with what issues do they need the most help?
A: The worms and the hacking into [the] network. It’s amazing to me how people are spending so much time trying to hack in. It seems to be kind of a fun game or something, and it’s very nerve wracking. We’ve taken many precautions here that I’m able to say, ‘Well, that one didn’t get us, and that one didn’t get us.’ I worry about the time that somebody is smarter than us and gets us, because that’s happened to other jurisdictions. When you’re down for a couple of days, it just doesn’t bode well.
Q: Are local governments prepared for cybersecurity threats?
A: We’re definitely getting better prepared. There’s a lot of collaboration, but it would be really nice if we could get some support at a higher level. The feeling I got from the survey and from the results is, we don’t need that much help. We’re pretty self-reliant, because we have to be, but if there are areas such as training or guidelines, maybe exercises, alerts, those types of things that we could collaborate on, that would be helpful.
Q: Is there much cooperation between state and local governments to address cybersecurity?
A: You’re going to see that local governments are working better together. We’re getting more attention from the states but not as good as it could be. There’s definitely room for improvement. There’s a ton more opportunity for collaboration.
For more about cybersecurity, see “The virtual enemy,” on p. 32.