Sarah Powazek, a researcher based at the University of California, Berkeley, thinks so — and she has support from some state technology leaders.
Powazek is program director of Public Interest Cybersecurity at the UC Berkeley Center for Long-Term Cybersecurity.
She also co-chairs the Cyber Resilience Corps, which recently organized a one-day conference in Madison, Wis., designed to bring together those volunteers and spark a larger, nationwide effort meant to help counter digital threats against smaller governments and related operations, including cities, schools and rural hospitals.
About 75 people showed up to the Cyber Volunteering Day event on Oct. 23, she said.
It featured sessions on legal issues, recruitment of other volunteers, cyber insurance and how public and private officials can share information. The Madison meeting came as other cybersecurity-focused events strive to help boost awareness of the threats and offer ideas about defenses.
The gathering was the first time the corps gathered “state-level” officials in the “same room,” Powazek told Government Technology.
Participants at the conference generally focus more on small agencies, nonprofits and other organizations that don’t often earn much attention from the federal government for cybersecurity.
Wisconsin CIO Trina Zanow attended. So did Eric Franco, the cybersecurity preparedness coordinator for Wisconsin Emergency Management.
As Franco described the meeting to Government Technology, the event provided a chance for “national stakeholders” to hear cybersecurity stories, share their struggles with digital defenses and form networks for future efforts.
The meeting ideally resulted in what he called cross-pollination of cybersecurity best practices — always important in any era, but a job that takes on higher importance as federal government budget cuts threaten to disrupt efforts to protect systems from hackers and other criminals.
Indeed, multiple reliable and recent signals point to problems with funding further state and local public-sector cybersecurity efforts — leaving, perhaps, more openings for providers of government technology, and, perhaps, more openings for criminals.
“It’s nice to know we are not alone in this,” Franco said. “We have contacts now.”
Powazek, who has private-sector cybersecurity experience, describes her work as “leading a small research operation” that, among other tasks, helps college students learn how to give pro bono cybersecurity assessments.
She, along with Franco and others, want to build what she called “connective tissue between the folks at the state and local levels. We want to build ecosystems and trusted networks.”
That includes more events like the one recently held in Madison, the state capital, along with regional summits. And that means creating connections with local businesses, who also face cybersecurity threats.
As well, participants and supporters of the recent conference want to “help state agencies talk to each other,” Powazek said, “and help states work with each other.”
If such concepts sound familiar, it’s because they reflect the animating ideals of so-called whole-of-state cybersecurity, which depends on relationships among various governments and agencies and information sharing to build better defenses. Whole of state focuses on long-term teamwork to defend against cyber attacks.
At the recent NASCIO conference in Denver, whole of state was near top of mind for some state chief information officers, especially as federal support becomes ever more uncertain.
No matter how public-sector cybersecurity evolves — through volunteer efforts such as those promoted by Powazek, or via fresh sources of funding — the stakes are increasingly high, as Franco indicated when asked the cliched but useful question of what issues keep him up at night when it comes to cybersecurity.
Attacks on utilities? Ransomware attempts? Taking down public safety services? Exposure of personal information?
“Too many to list,” he said.
