A Cybersecurity Primer for Local Leaders Why It’s Important, What to Know, and What to Do By Alondra Berroa, Program Associate and Meghan Cook, Program Director, Center for Technology in Government, University at Albany, State University of New York
C
ounties and local entities are increasingly vulnerable to cyber threats and continue to fall victim to a range of cyber attacks. Protecting against a cyber attack is an effort that requires a unified approach from the entire county including executives, administrators, legislators, supervisors, information technology (IT) and security staff, department heads, counsel, and employees. It’s a misnomer that protecting the county is only for IT and security leaders. It is a countywide challenge that requires a countywide approach. But in order to do that, it is helpful for everyone within the county to have a basic understanding of cybersecurity, cyber preparedness, and their role in their county’s cyber risk management and incident responses. At a workshop and meetings at NYSAC Fall Seminar, county leaders identified a long list of cybersecurity concerns, including: tracking the cyber threat environment, making sure critical data is protected, knowing the best way to allocate scarce funding, what skills to recruit to boost security, the specific vulnerabilities facing their county, the financial impact of a cyber breach, and what questions to ask of their IT team.
.
.
48
NYSAC News | Winter 2022
In response, county leaders asked NYSAC to develop resources that could improve their basic information of cybersecurity, with specific attention on what county leaders can and should do. NYSAC reached out to the Center for Technology in Government at the University at Albany to assemble a statewide advisory team and develop a Cybersecurity Primer for County Leaders. CTG UAlbany, an award-winning research institute with expertise in building capability among government leaders, was the/a natural choice to develop this important piece of work. The Cybersecurity and Infrastructure Security Agency (CISA) defines cybersecurity as “the art of protecting networks, devices, and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity, and availability of information.” As governments carry out critical operations and services, protecting all assets has become an increasingly complex and continuous effort but one that needs attention and resources.