Local Engagement Helps Shape State Cybersecurity Efforts | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware


Effective statewide cybersecurity requires more than centralized planning, depending as well on trusted networks that help local governments work together while also respecting autonomy, said government cybersecurity leaders at a recent industry event.

Building engagement across local governments was a recurring theme during a whole-of-state panel discussion at last month’s ISAC Annual Summit.* As the concept has evolved over the past decade, state cybersecurity leaders said they have learned that engaging local governments early, working through trusted partners and respecting local autonomy are essential to successful statewide cybersecurity programs.

Moderator Karen Sorady said one definition of whole-of-state cybersecurity is a unified effort to coordinate collaboration and address shared cyber risks across state and local government, education, and sometimes industry and nonprofit partners. Sorady is the vice president of strategy and plans for the Multi-State Information Sharing and Analysis Center (MS-ISAC), which hosted the summit.


“We don’t have an official definition, but we’ve been living it for years,” Tennessee Deputy CISO Aimé Nsengiyumva said. “We’ve been trying to figure out how we can work closely with local government organizations, how to support them, how to help them, but also how to work together.”

Nsengiyumva also said his state includes local leaders in developing cybersecurity initiatives through its cybersecurity advisory council and other committees, where officials help shape programs and evaluation criteria. State leaders also speak at conferences hosted by organizations such as the Tennessee Municipal League. This type of association can be key for finding trusted messengers and connectors.

In New York, Meghan Cook is director of the Division of Homeland Security and Emergency Services’ Cyber Incident Response Team, and she has researched technology and cybersecurity for many years. During her tenure with the University at Albany, she said developing a cybersecurity primer with various professional public-sector organizations gave additional credibility to recommendations that had been made elsewhere.

The Cybersecurity Primer for Local Government Leaders, published in 2022 by the University at Albany’s Center for Technology in Government, was created in partnership with the New York State Association of Counties as well as an advisory team including several county technology leaders. It was endorsed by multiple organizations, including the New York State Conference of Mayors and Municipal Officials. Cook said curating this information and having it supported by “trusted messengers” helped broaden its reach, and it continues to circulate.

Nsengiyumva reminded the audience that understanding how local governments want to communicate is important, too, whether via email, phone call, site visits or in-person meetings. Rather than a single approach, he said that asking how stakeholders want to receive outreach will help clear a path to strong collaboration.

Minnesota, meanwhile, has gained a clearer understanding of the cybersecurity challenges facing local governments through mandatory cyber incident reporting. State CISO John Israel said that although his state has been moving toward whole-of-state cybersecurity for years, the mandate has helped with threat intelligence. He advised audience members to build relationships and trust while appreciating the value gained from incident reporting details.

The lessons described by the panelists — engaging local governments early, working through trusted partners and tailoring communication — are also reflected in recent guidance experts have provided to states.

For example, a report from the Center for Internet Security and MS-ISAC, Advancing Whole-of-State Security, explores eight core pillars for whole-of-state programming. The pillars include purposeful, sustained engagement, which is defined as building trust through transparency; shared decision-making; consistent communication; and respect for local autonomy.

Capability matures over time, the paper posits, ranging from siloed or ad-hock interactions to formal stakeholder planning and established relationships with county and municipal associations. The authors encourage states to use a provided maturity scale to assess progress, guide strategic decisions and support conversations among tech leaders, policymakers and executive leaders.

“It’s not a checklist. It’s not meant to score you on whether you’re good or bad,” said Netta Squires of Open District Solutions during a follow-up session. “It’s a way for you to see where you are, so you know [where] to possibly invest more.”

Many states are still in early phases of developing related programs. Success is not built on issuing directives, panelists noted, but in part by creating trusted networks that allow independent governments to move together.

“I always think if you’re in the room with people and they’re nice and polite and nobody’s telling you anything really bad, then you haven’t earned their trust,” Cook said. “Get into situations where you can hear the truth. Ask every single time: is this valuable, is it working, and are you creating a space where people can tell you their real thoughts? Even if you can’t make it better, take it in.”

*The ISAC Annual Summit 2026 is an event produced in partnership between the Multi-State Information Sharing and Analysis Center and e.Republic, Government Technology’s parent company.



——————————————————-


Click Here For The Original Source.

National Cyber Security

FREE
VIEW