How State and Local Governments Can Address Cyber Security Challenges

Cyber security is an issue that defines the age in which we live. Not only do cyber incursions create a significant threat to commerce but they can also disrupt the internet, which has become one of the primary means for communication.

In particular, state and local governments are more affected by cyber security risk than other sectors of the U.S. economy, as this is where the preponderance of direct citizen to e-government transactions take place. Consequently, it is also at this level of government where the greatest threat of obstruction to service continuity exists.

We are now approaching the first anniversary of President Obama’s cyber policy address. It led to increased national debate on this topic, as well as several structural changes at the federal level, which included the designation of the White House Cyber Security Coordinator role currently held by Howard Schmidt.

Additionally, it has also been just a little over a year since the first ever Congressional Cyber Study Commission issued its report. We owe a debt of gratitude to the members of the Commission and their thoughtful leadership of that critical review.

Earlier this month, I had the opportunity to participate in an extraordinary event: the first ever Worldwide Cyber Security Summit. The Summit was sponsored by the EastWest Institute and held in Dallas, Texas. An extraordinary group of 500 business and corporate leaders from close to 40 countries assembled to discuss issues of policy development, information sharing and collaboration to reduce the cyber threat.

At the Summit, there were breakthrough groups that focused on cyber threats in the following critical industries: telecommunications, finance, media, transportation, energy, national security and essential government services. There were also an impressive group of guest speakers including: Kamlesh Bajaj, CEO of the Data Security Council of India; Udo Helmbrecht, Executive Director of the European Network and Information Security Agency; Liu Zhengrong, Director General of the China Internet Media Research Center and the Deputy Director General of the Internet Affairs Bureau of China’s State Council Information Office; Howard Schmidt; Michael Dell; Jim Quigley, Global CEO of Deloitte Touche Tohmatsu; Tom Ridge, former Secretary of Homeland Security and senior advisor to Deloitte LLP; Teri Takai, CIO of the State of California; John Stewart, CTO of Cisco; and Randall Stephenson, CEO of AT&T.

After attending the Summit, I came away with the following insights as to why state and local governments need to step up their efforts to protect information and avoid service interruptions from cyber intrusions:

  • Budget duress and deficits create an imperative to drive more citizen communication and services to the internet for cost reduction purposes.
  • As more customer-to-government transactions go on the internet, the consequences of cyber intrusions increase.
  • As critical health care, welfare and child protection services go on the internet, the cyber threat may also represent a threat to life.
  • It is presently unclear how international rules of military engagement apply to cyber, therefore, better defined policies are required.
  • Given the intermingling of military and civilian services on the internet, it is also unclear how services to private citizens are protected even if a policy was established to protect services for vulnerable citizens, in the event of a military conflict.

As this has some fairly significant implications, state and local governments in the U.S. should consider the following questions:

  • How does one develop an appropriate policy framework and build multi-lateral alignment?
  • Along those lines, what comprises critical government services that should be protected in the event of the conflict?
  • What is the nature of the protection that should be afforded?
  • What backup capability for critical services should exist in the interest of protecting our citizens?

This is obviously a very provocative set of topics, which are only in the early stages of development. As technology continues to advance and citizen-to-government internet transactions become the primary means of citizen service, it will be important for our elected and appointed leaders to drive alignment on policy and operations to assure that everything possible is being done to prevent cyber intrusions, and that our citizens are protected when such intrusions occur. It is always the safety of our citizens that should be the bottom line — whether in the physical world or the cyber one.

Mr. Robert N. Campbell III is Vice Chairman, Principal, Deloitte LLP and is the U.S. State Government Leader, based in Austin.

The Gallery is a forum for ideas and examination of matters facing state and local government. Readers, members of the media, academics or the business community are invited to submit guest columns to civsource{at}civsourceonline{dot}com or read more about our audience by downloading: CivSource Readership. Member of the public sector? We’re interested in hearing from you too, learn about how you can contribute. CivSource does not endorse the views presented in The Gallery, but offers them in an effort to present more diverse coverage. CivSource will review all submissions but does not guarantee publication of all works submitted.