The Reality of the Local Government Cybersecurity Skill Gap

Local government IT teams are realizing—and working to address—a critical skill gap in the area of cybersecurity.

by Jim Flynn, CivicPlus / June 15, 2019
SPONSORED
Shutterstock

With technology evolving at an unprecedented rate, information technology (IT) directors in the public sector are feeling the pressure to ensure not only that they remain informed of the latest tools and trends, but that their entire teams are equally knowledgeable. With budget constraints always at the forefront of concerns for cost-conscious IT directors, it may not always be fiscally feasible to routinely outsource training and education for every member of your team. Instead, prioritizing techniques must be implemented to raise the level of technical skill and competency in the most knowledge-deprived areas with the potential to make the most critical impact on infrastructure and civic data. For this reason, local government IT teams are realizing—and working to address—a critical skill gap in the area of cybersecurity.

The Growing Threat of Cybersecurity

Cyberattacks are a growing threat in both the private and public sector, yet local governments possibly stand to lose more than their private sector counterparts: The trust of their constituents and voters. According to the 2017 Accenture report, The Cost of Cyber Crime, the number of cyberattacks against government agencies is increasing, with public sector organizations experiencing 53 such attacks on average per week during 2017. With local government IT teams lacking critical knowledge in the area of cybersecurity, they make their civic and citizen data further vulnerable to hackers and cyber extortionists with the skills needed to target the systems of the highest-risk communities.

Addressing the Upskill of Cybersecurity in Civic IT

Do not wait for a cyberattack to test your systems and your team. What follows are the steps local government IT directors need to take to upskill their staff members in the area of cybersecurity.

Act Now

Do not wait for another budget or strategic planning cycle to begin enabling staff to obtain the in-depth training they need to learn about such critical cybersecurity components as network infrastructure, SSL, cloud computing applications, security analysis and investigation, application security, attack vectors, and attack schemes such as distributed denial of service (DDoS) attacks.

Follow Federal Best Practices

Rely on guidance established under The Federal Cybersecurity Workforce Assessment Act to determine the vastness of your staff’s knowledge gap and prioritize instructional areas. When established, the goal of The Federal Cybersecurity Workforce Assessment Act was to align the strategic management of the Federal cybersecurity workforce with the national standard set in the National Initiative for Cybersecurity Education (NICE) Workforce Framework.

While federal agencies must comply with The Federal Cybersecurity Workforce Assessment Act, it can serve as a planning tool for municipal entities as well. Upon its enactment, the Federal Cybersecurity Workforce Assessment Act advised federal agencies to conduct a baseline assessment of their existing workforce by completing the following steps:

  • Identify the percentage of staff with Information technology, cybersecurity, or cyber-related functions who currently hold appropriate industry-recognized certifications
  • Identify the level of preparedness of staff without credentials to take certification exams
  • Identify a strategy for mitigating any gaps identified with appropriate training and certification for existing staff.

Put an Action Plan in Place

By following the Cybersecurity Workforce assessment procedures, at the conclusion of your analysis, you should have identified your IT department’s greatest skill shortages, have analyzed the cause of those shortages and provided measurable action plans to address them initially and on an ongoing basis.

Encourage Key Staff to Obtain Security Certifications

When developing ongoing training plans, rather than simply offering employees access to training courses, enable key staff members to obtain security certifications to ensure they receive the most thorough, actionable knowledge.

Build Repeatable Processes

As part of your training efforts, assess the risks your systems face from outdated infrastructure and manual processes. Use your training processes as an opportunity to document and formalize all cybersecurity protocol for your community.

Include Non-IT Staff in Your Overarching Cybersecurity Training Plan

If you intend to invest in a quality local government website hosting solution partner and the training of your IT staff, why wouldn’t you ensure non-technical staff understand the role they play in keeping your systems secure? Every employee needs to understand the risks involved with opening suspicious attachments or clicking links from unknown senders, and who on your team to contact with any questions or concerns.

Cultivate a Culture that Prioritizes Cybersecurity

From new hires to tenured staff, communicate clearly to every member of your team that cybersecurity is a critical priority of your IT department, and that it plays a vital role in your administrative public service efforts. Doing so will encourage staff to seek out additional knowledge sources and educational opportunities to supplement provided training.

Rely on a Trusted Outsourced Partner

In tandem with internal training, local governments should consider outsourcing their hosting and security efforts to minimize the footprint of a potential cyber threat. Make sure you are selecting a solution partner that offers at least 99.9 percent up-time supported by a fully redundant, tier II data center, multiple network providers, burst band-width, and live 24/7/365 emergency support.

Remember, a cybersecurity skill gap will put your citizen and civic data at risk. Ensure you are doing enough to enable quality skill advancement, and digital community security by formulating your community cybersecurity upskill plan today. For more best practices on civic website security, hosting, and digital system upgrades, click below to download our eBook.

About the Author Jim Flynn

In his role as the Director of Information Security at CivicPlus, Jim Flynn is responsible for managing the security and hosting reliability for its over 3,500 clients and their over 75 million citizens. Jim has been on the forefront of cybersecurity strategy and leadership, protecting local governments from the continually evolving cyber threats that exist today. He has been with CivicPlus since 2009 and brings over twenty years of IT security and data management experience to its local government clients.

This content is made possible by our sponsor; it is not written by and does not necessarily reflect the views of e.Republic’s editorial staff.

Platforms & Programs