That was the message from Rep. Roger Chase, of Huron, during a recent meeting of the Study Committee on County Funding and Services.
The committee's focus this summer has been on finding ways to cut costs for counties, with potential solutions like diverting revenue from the state's alcohol excise tax, capping counties' indigent service costs and even allowing counties to share government buildings.
The round of proposals also included a state-funded cybersecurity grant program for local governments
The threat of an ill-meaning hacker stealing banking information is real, and the same could be said for local governments' IT systems, access to which is what keeps government operations working smoothly. If a piece of malware is let loose in a network, especially a large network like those of a school or local government, the options are to either shut down the network or risk exposing valuable information to a hostile third party.
This is what happened in Brown County in 2021, when the county government's computer network experienced an outage caused by an employee clicking an email link, which installed malware onto the computer.
Luckily, according to Brown County Commission Chair Duane Sutton, the attack did not turn into a ransom situation, where the county's IT system is held hostage until a ransom is paid to the perpetrator. Sutton said if they hadn't acted quick to shut the county's server down, the result might have been a lot worse.
"From the time that the hack happened, and we shut the server down, very little time lapsed," Sutton said. "They told us that not personal information, any employee information or security numbers or anything like that leaked."
The purpose of the malware was to activate/extract data from the county computer systems, to potentially hold for ransom.
Malware infecting his county's network was more than aggravating, said Sutton. For the weeks that followed, the county went into a tailspin, with several employees and departments unable to access what they needed to complete their jobs.
Sutton said the county commission instructed Brown County's newly hired IT supervisor Pat Wolberg to do everything he could to get the network back up to speed, and with coverage from the county's insurance policy, make improvements the network so that it doesn't happen again.
"It made me realize how critical malware protection is," Sutton said.
As for the potential for a cybersecurity grant, Sutton said the benefit would probably be felt the most from counties without the resources that Brown already has. Brown County's insurance covered the cost of getting the network back up to speed, but Sutton said not every South Dakota county has the same population-fueled pocketbook as Brown, and those with fewer resources may have a harder time recovering with the speed necessary to avoid the worst of an attack.
"Brown County is sitting in better shape than some counties because of our size and our population," Sutton said. "But every county is vulnerable, and for some of these small counties that don't have a standalone IT department, they may have to hire it through some third party."
Sen. Randy Deibert of Spearfish, also on the county funding committee, said a cybersecurity grant program with state funds would need to be for all local governments, cities and counties included, and it's obvious the state will not be receiving any federal funding for cybersecurity improvements.
Gov. Kristi Noem's administration rejected $1 billion in federal cybersecurity grants for county and city governments, and the administration will be turning down even more cyber-infrastructure funding in 2024. The same grants were accepted by 48 other states.
South Dakota abstaining from federal funding for cybersecurity doesn't make much sense when 96% of the country is opting into it, said Sen. Liz Larson, of Sioux Falls. She said not accepting the funds seems more like a political posturing than a valid cost-cutting measure.
"We get viewed favorably by rejecting federal funding, because that's just the political climate we live in today," Larson said.
Florida, the only other state that rejected federal cybersecurity funding, appropriated more than $100 million in state funds toward cybersecurity investments at the state and county levels in 2022, as well as
$30 million in state and local government employee cybersecurity training
.
A state like South Dakota, with 4% the population of Florida, does not have the same pocketbook for coming up with a similar cybersecurity fund.
The Study Committee voted 13 to 1 to carry the idea of a state-funded cybersecurity grant forward to the next session.
© 2023 The Daily Republic (Mitchell, S.D.). Distributed by Tribune Content Agency, LLC.
