States Urged to Address Cybersecurity Risks as Responsibility Shifts Away from the Federal Government
PR.com
2025-05-06
New York, NY May 06, 2025 --(PR.com)-- With the Trump administration’s recent executive order shifting greater responsibility for cybersecurity to state and local governments, the non-profit, non-partisan Cyber Readiness Institute (CRI) warns that the need for strong and proactive approaches to cyber defense has never been greater.
“U.S. adversaries have already demonstrated their ability to infiltrate key sectors, including telecom, water, and power,” CRI’s managing director Sasha Pailet Koff said. “Risks are no longer limited to data breaches and espionage — they now extend to disrupting critical infrastructure that supports daily life. States simply cannot wait for another catastrophic attack to act; they must take decisive action now to fortify their defenses against cyber threats.”
Koff and her CRI colleagues – which includes member companies such as Apple, MasterCard, Microsoft, and T-Mobile – have identified 10 easy-to-implement steps that state officials can take to improve cybersecurity:
1. Enhance Public-Private Collaboration
Public-private partnerships provide effective ways to leverage expertise and resources without being cost-prohibitive. Create advisory boards with cybersecurity experts from the private sector and academia and hold regular threat-sharing meetings to inform officials of emerging cyber threats and improve communication.
2. Invest in Cyber Workforce Development
Create workforce development programs to attract and retain top cybersecurity talent. Offer competitive salaries and benefits for cybersecurity personnel in government roles. Reach out to IT professionals recently cut from the federal workforce, partner with colleges to create cybersecurity training programs, provide scholarships or loan forgiveness for students who commit to working in state cybersecurity roles, and establish apprenticeship programs to help train individuals with the aptitude and willingness to learn.
3. Mandate Stronger Cybersecurity Standards for Critical Infrastructure
Ensure that private companies managing critical infrastructure — such as water utilities, ports, and power plants — adhere to strict cybersecurity standards. For example, require regular cybersecurity audits and cyber readiness training for employees of critical infrastructure providers. Mandate that all cyber incidents are reported to state cybersecurity offices. Provide incentives, such as tax breaks, grants, or favored supplier status to companies that meet rigorous cybersecurity benchmarks, and encourage businesses to participate in threat intelligence-sharing initiatives to increase overall situational awareness.
4. Expand Cyber Awareness and Training for Government Employees
Human error remains the largest vulnerability in cybersecurity as employees fall victim to phishing attacks and other social engineering tactics that can lead to data breaches and system compromises. States should require basic cybersecurity training for all government employees, periodically simulate phishing attacks to test and improve employee vigilance, establish clear business continuity plans in the event of cyber incidents, and make cyber security awareness a routine part of workplace discussions.
5. Establish a Centralized State Cyber Command
A centralized state cyber command enhances coordination and response capabilities, improves threat detection and response times, streamlines communication between government agencies and private sector partners, reduces redundancy, and improves efficiency in cybersecurity investments.
6. Bolster National Guard Cyber Units
While many states already lean on their National Guard cyber units for incident response during major cyber attack, most states could benefit from expanding these units to ensure that they have the funding, personnel, and training to operate proactively as a first line of defense against cyber threats. Establish emergency response protocols integrating these units with state IT departments and local law enforcement, and run joint cybersecurity drills to ensure that all relevant agencies coordinate effectively in the event of an attack.
7. Secure Election Infrastructure
Ensure that voting systems and databases are safeguarded against cyber threats by replacing outdated machines with secure, verifiable paper ballot systems; conduct regular penetration testing; train election officials on best practices; and establish rapid response teams to address suspected incidents.
8. Strengthen Cybersecurity for Public Health Systems and in K-12 Schools
Healthcare systems and K-12 schools are prime targets for ransomware attacks and data breaches that compromise sensitive patient and student information. States should require that schools and public health organizations implement basic cybersecurity best practices such as multi-factor authentication (MFA) and regular data backups; provide funding for cybersecurity upgrades and staff training; and mandate regular cybersecurity audits and penetration testing.
9. Provide Practical Cybersecurity Guidance for SMBs
Many small and medium-sized businesses (SMBs) lack the resources for advanced cybersecurity tools, but they can still benefit from simple, actionable cybersecurity guidance focused on human behavior. States should provide free cybersecurity training materials to educate employees on phishing and social engineering tactics; encourage strong password policies, MFA adoption, and regular software updates/system patches; and promote cyber incident response planning.
10. Promote SMB Cybersecurity Certification Programs
Introduce voluntary cybersecurity certification programs to help SMBs educate employees on cyber readiness best practices. Certification serves as a badge of quality assurance, boosts customer and partner confidence, and drives broader adoption of cybersecurity best practices across industries. CRI provides a free one-hour certification program that has been taken by thousands of small and medium-sized businesses globally.
“The Time For Action is Now”
“Make no mistake – this shift in cybersecurity responsibilities is a wake-up call to state and local governments,” Koff said. “While some well-resourced states and cities are making progress in this war, many remain underprepared for the evolving threat landscape. Cyberattacks on critical infrastructure are no longer hypothetical — they are happening daily.
“Robust cybersecurity doesn’t require huge budgets,” Koff continued. “Rather, smart policies, collaboration, and proactive risk management make a huge difference. The cyber battlefield is expanding, and adversaries are growing smarter and bolder, so states can no longer afford to be reactive. The time for action is now.”
Contact Information:
Cyber Readiness Institute
Ira Sager
516-286-2567
Contact via Email
https://cyberreadinessinstitute.org/
Read the full story here: https://www.pr.com/press-release/937977
Press Release Distributed by PR.com
|
|
