HARRISBURG – Prioritizing cybersecurity standards and innovation, improving communication and encouraging the next generation of “cyber defenders” were among recommendations offered to lawmakers at a House Majority Policy Committee hearing at the state Capitol on Monday.
The hearing was led by Rep. Martin Causer, R-Turtlepoint, chairman of the House Majority Policy Committee and Rep. Valerie Gaydos, R-Allegheny, Republican chair of the House Cybersecurity Caucus.
“We’ve seen too many examples of security issues within our state agencies that have put our citizens’ personal information at risk,” Causer said. “With cyber threats on the rise, we need to advance policies that will support improved security and encourage the next generation of cybersecurity professionals.”
Government organizations generally are lagging behind in security when compared to large businesses and industries, according to John Alwine, region director for Unisys Public Sector. He cited recent reports indicating public sector organizations were involved in one in five cyber incidents, and nearly half of those public sector data breaches were not discovered until years later. He cited another report that indicates at least a half dozen state governments had their computer systems compromised between May 2021 and Feb. 2022.
“The public sector has been too slow to realize the significant threat to their own critical systems and information,” he said. “Whether it be protecting personally identifiable information such as tax records, unemployment claims or Social Security numbers, or the systems that allow the Commonwealth to administer licenses, distribute unemployment checks or collect tax receipts, for too long the government has utilized outdated approaches to secure their most important assets.”
The issue has been exacerbated by the pandemic, according to Dr. Kimberlee Ann Brannock, senior security advisor and Michael Howard, chief security advisor and head of security and analytics practice, at Hewlett Packard. They specifically cited the quick pivot to working from home and the pressure on information technology professionals to forego best practices in security to facilitate that transition.
Zackery Mahon, area manager of cybersecurity for Motorola Solutions, focused his testimony on cybersecurity threats to Public Safety Answering Points (PSAPs) and Land Mobile Radio (LMR) used by state and local governments for law enforcement and other emergency response operations. With increased threats to these vital services, he encouraged the committee to establish a baseline set of requirements for cybersecurity in these systems, and to better share threat information across state agencies and public safety environments to limit impact.
Several testifiers also highlighted the need to train people to work in the cybersecurity field.
Michael Mattmiller, senior director of State Government Affairs for Microsoft, outlined the importance of building the cybersecurity talent pipeline, noting fewer than 3% of students are specializing in cybersecurity while there are nearly 500,000 job openings in the field that pay an average of more than $100,000 per year. The company is targeting community colleges across the country to help by offering curriculum free of charge, providing training for faculty and providing scholarships and support services to an estimated 25,000 students.
Gloss