The education curriculum in New York State, for K-12 students, also includes cybersecurity education.
“Through our partners in the legislature and our state education department, we have a K-12 computer science for all curriculum, which includes cyber bullying, social media awareness, banking online and cybersecurity best practices,” he shared. “I have two kids in public school, and to hear my daughter ask me if my Gmail had multifactor authentication warmed my heart.”
Meanwhile, Tennessee is taking a multiprong approach to cyber education, noted Kristin Darby, chief information officer for the state of Tennessee.
“With the AI Council that the state has, we have set up two different subcommittees this year,” she noted. “One focused specifically on education, which is for both K-12 and higher education, and part of that focus is not only cybersecurity but also AI education and the convergence of both.”
That effort is focusing on bringing practical, applied learning solutions to individuals and leveraging vocational schools across the state.
“We are also focusing on workforce development, and how we start to proactively develop programs around particular job areas that we expect may have disruption,” Darby noted. “How do we upskill and transition employees and workforces to be readied for the future, and the expectations of those roles? There are working groups focusing on that.”
A grant program for innovation schools is also working to train students in AI, cyber and networks.
“We have a high school in Williamson County that is actually opening in August, and I think is well-positioned to be a national landmark of vocational schools,” she said. “One of the areas of focus is AI and cybersecurity. Through dual enrollment with Tennessee universities, students will graduate from high school with certifications where they are employable at the day of graduation.”
The Department of Energy’s Oak Ridge National Lab in Tennessee also has a strong partnership with the state. “They also serve on the AI Council and are active participants in many of the programs that I just mentioned,” she said.
However, the main issue for the states is that CISA, the federal organization they have turned to for the last two decades, has undergone downsizing, restructuring and budget cuts.
States rely heavily on the Multi-State Information Sharing and Analysis Center, which CISA, until recently, has funded since 2004, in collaboration with the Center for Internet Security, the state cyber experts testified.
The Multi-State Information Sharing and Analysis Center served as the central cybersecurity resource for the nation’s state, local, territorial and tribal governments, aiding government agencies, law enforcement, educational institutions, public utilities and transportation authorities, according to CISA’s website. The center had been providing cyber threat and response information, cybersecurity best practices, information sharing and incident response.
Also, the states leverage CISA’s State and Local Cybersecurity Grant Program (SLCGP) to add key protections.
In Florida, for instance, the federal program is managed through the Florida Division of Emergency Management and cybersecurity subject-matter expertise from the Florida Digital Service, Sponholtz explained.
Their current focus areas for the SLCGP are law enforcement and critical infrastructure, areas that fall outside the standardized technology bundles provided through the state’s program.
“One proposed water treatment project would make a high-service pump remote input/output system independent from its main controller, helping the process continue operating during a controller failure or cyber incident,” he reported. “Another project would modernize a city’s water and wastewater telemetry system by replacing outdated radio units at a master control site and 35 remote lift stations with more secure and redundant communications. A rural sheriff’s office proposed securing mobile data terminals used by deputies to access dispatch, records, and license plate reader systems in the field.”
