______________________________
_____________________________
_______________________
______________________________
_____________________________
_______________________
The California Governor’s Office of Emergency Services recently announced a new funding initiative designed to strengthen cybersecurity at a state and local level. The State and Local Cybersecurity Grant Program (SLCGP) will provide $22.5 million in grant funds to state and local governments, as well as federally-recognized tribal nations, to improve critical infrastructure cybersecurity and minimize threat risks. The SLCGP also builds upon the 2021 Cal-Secure plan enacted by Gov. Newsom: a five-year cybersecurity roadmap that addresses statewide cybersecurity gaps, so threats can be circumvented and managed more effectively. With cyberattacks on the rise across California, these efforts are essential to protect public safety and privacy, as well as the public services people rely on.
Cal-Secure: significant investment in cybersecurity technology
The Cal-Secure framework aims to outfit California’s Executive Branch with “a world-class cybersecurity workforce, an empowered and right-sized federated cybersecurity oversight governance structure, and effective cybersecurity defenses to all technology, including critical infrastructure”. The program contains actionable steps and success markers designed to strengthen state cybersecurity across three different categories: people, process, and technology. In particular, technology investments are set to improve cybersecurity across the state’s government institutions.
In the plan’s initial years, basic security practices (such as, multi-factor authentication and continuous vulnerability management) will be adopted, whereas more complex practices (insider-threat detection and encryption strategies) will be implemented closer to the end of the program. The Department of Technology received a $260 million investment for these purposes. Modern security technologies and practices are no longer optional. They’re a must in order to public assets and services.
Cyberattacks and data breaches on the rise in California
Indeed, cybersecurity initiatives like the SLCGP and Cal-Secure are vital now more than ever as cyberattacks have doubled within the past year across California and the wider U.S.. For example, last June, 911 emergency services were disrupted in parts of Southern California due to a cyber incident by notorious ransomware gang, DragonForce. It’s thought the aim of the attack was to steal patient data for profit.
Prior to that attack, in May, the California School Association — which serves over 17,000 California educators — was hit by a ransomware attack that exposed personal details of around 54,600 people. Although no identity theft or fraud has so far been detected as a result, affected individuals will receive credit monitoring services for the next year. In fact, California actually has the highest recorded number of data breaches in the U.S., recent data from Network Assured reveals. This is likely because the state’s extensive critical infrastructure makes it particularly attractive to hackers. Government initiatives to strengthen critical infrastructure therefore remain essential to improve the state’s resilience against cyberattacks.
More cybersecurity workers to be recruited across California
“While these [technological] upgrades are important on their own, the human and policy components are much more critical”, Vitaliy Panych, California Chief Information Security Officer, told StateScoop about the launch of the Cal-Secure framework. “The main theme is to embed cybersecurity controls and practices, not just from a tech perspective, but from a process perspective”. To that effect, greater numbers of government cybersecurity employees will also be hired as part of the Cal-Secure program. They’ll also be provided with comprehensive training to better protect the systems and personal data used to provide public services.
To further reach these goals, K-12 cybersecurity lessons will also be provided in schools. California State University and the University of California, as well as community colleges, will also incorporate cybersecurity as part of their curriculums. And, for older adults interested in a career change, cybersecurity apprenticeship programs will be made available to give mid-career professionals an entry-point into state agencies.
Cybersecurity initiatives like the SLCGP and the Cal-Secure framework are strong first steps to help protect against future cyberthreats. “Hackers steal our time, money, and peace of mind”, said Gov. Newsom in a statement about the launch of Cal-Secure. “Data protection is among the most important things we can do to prevent disruption to our daily lives and our economy. We have to do more to safeguard the state’s critical infrastructure, intellectual property and our status as one of the world’s top economies.”
