The Cybersecurity and Infrastructure Security Agency is actively working to help states strengthen their cybersecurity efforts by setting up a 50-state network of federal cybersecurity coordinators, one per state.
In November, then-CISA Executive Director Brandon Wales told the House Oversight and Reform Committee his agency had already hired 36 coordinators. As of the end of December, that had increased to 37, with another five positions going through selection processing, according to Laura Delaney, CISA’s deputy assistant director for the Integrated Operations Division.
“The CISA cybersecurity state coordinators play a central role in threat information sharing with state partners, but this also occurs through each State Fusion Center that typically includes several other federal partners, as well as the Multi-State Information Sharing and Analysis Center,” or MS-ISAC, Delaney said in an email. “The states share insight into their cybersecurity programs and practices, and having people on the ground in the states gives CISA a valuable resource for identifying incidents that may have national impact.”
Since every state’s IT organizational structure is different, Delaney said there is not a “one-size-fits-all” approach for the coordinators to help their states with designing and implementing cybersecurity plans. The coordinators have resources to help organizations develop their plans, and provide workshops for state, local, tribal and territorial partners to raise awareness of cybersecurity best practices. In New Hampshire, for instance, the coordinator is helping localities switch to .gov web addresses as one way to cut down on phishing schemes.
In addition, the coordinators can help states complete the assessments required for the Homeland Security Grant Program. Once guidance is finalized, the coordinators can provide information about obtaining federal funds through the State and Local Cybersecurity Grant Program that was included in the Infrastructure Investment and Jobs Act of 2021, known more broadly as the bipartisan infrastructure bill.
In addition to working with the agencies in their own assigned states, the coordinators also communicate among themselves regionally, nationwide and with cybersecurity teams within CISA and other federal agencies.
“This allows coordinators to share the diverse and unique perspectives that each state has in tackling problem sets and the opportunity to learn from [the] others’ experiences,” Delaney explained. “This coordination assists in maintaining consistency across the program as a whole … [And] having resources placed at the local level allows CISA to develop a clearer picture of the challenges that each state faces related to cybersecurity, [such as] ransomware, under resourced counties and municipalities, election security, etc.”
Success in cybersecurity depends on prevention, mitigation and recovery. When asked for a “success story” for the coordinators, Delaney wrote that two CISA regions partnered to respond to cyber incidents targeting a number of agricultural cooperatives.
“The ransomware events were occurring at the height of the harvest season and impacted precision agriculture and delivery of product to the [manufacturers] which relied on the harvested grain,” Delaney wrote. “Response efforts and information sharing between the regions, headquarters, [Joint Cyber Defense Collaborative] and the FBI resulted in the rapid mitigation of the ransomware events.”
Delaney said the stakeholders were able to restore their systems in less than a week. An extended incident would have affected 120 grain storage sites, 16,000 co-op farmers, 425 million bushels of grain destined for feed manufacturing and bio-fuels, and 18% of all grain production from 14 million acres of farmland.
These cybersecurity state coordinators are an important part of building out the protective infrastructure needed to secure government, the private sector and users from disruptive and destructive cyber threats. But finding, hiring and retaining them is not an easy task.
The job market for experienced cybersecurity professionals is highly competitive—in August 2021 the Commerce Department estimated there were 500,000 open positions. Public sector agencies at all levels have a hard time competing against the private sector’s larger salary and benefits packages, but this particularly pinches state and local agencies. Add the effects of the pandemic in creating historic levels of remote work and the need increases exponentially.
“The federal government offers competitive salaries and extensive benefits packages,” Delaney wrote. “In the federal space, there are locality adjustments factored into salaries. And in certain federal positions there are additional pay for retention bonuses if the employee possesses particular licenses or certifications.”
Delaney pointed to the introduction of the Cybersecurity Talent Management System, a tool designed to attract cyber talent from across the spectrum, entry level through senior executives. The system “includes new hiring processes, new compensation structures and new development approaches designed specifically to recognize employees for their critical cybersecurity skills and mission contributions,” she wrote.
CISA has budgeted $5 million for the state cybersecurity coordinators program. The eight states where CISA is still seeking candidates through USAJobs.gov are Alabama, Colorado, Iowa, Louisiana, Mississippi, New Mexico, South Carolina and Tennessee.