Every year, we receive the same news: Cyber threats against the United States are on the rise. This year, though, we have some good news: Federal government officials are finally taking these threats seriously. These officials are committed to developing a cyber strategy and working hard to shore up the nation’s virtual defenses. Congress is exploring ways to reorganize its own technology research capabilities. The military is figuring out how to put Silicon Valley to use.
Governments at the state level, however, are lagging.
Cybersecurity suffers from the weak-link problem: Weaknesses in one area can put entire systems at risk. With cyberattacks affecting state and local governments every day, the United States cannot afford to let state-level cybersecurity go unaddressed.
The risks caused by state-level breaches are manifold. States that fail to address their own cyber risks are vulnerable, and one survey found that 40 percent of local governments self-reported an increase in attacks in 2016.
We saw this in March 2017, during the alarming ransomware attack on the city of Atlanta. For more than a week, Atlanta was crippled as hackers locked people out of their own systems, demanding money for return access. Atlanta’s government refused to pay, leaving employees to fill out forms by hand and costing taxpayers more than $2.1 million. Although Georgia eventually indicted two Iranian men for the attack, the city required the help of both the Department of Homeland Security and the FBI to get back on its feet.