Page 80 - Cyber Defense eMagazine forJune 2021
P. 80
Cities today struggle to anticipate when and where they are going to be attacked, and the sophistication
and scope of attacks are increasing, including devastating ransomware threats. Cities of all sizes and in
all countries are at risk, as officials in places like Johannesburg and New Orleans can attest. In Baltimore,
a May 2019 ransomware attack cost the city more than $6 million. We would not tolerate regular
disruptions to our water and electrical systems, and cybercrime cannot become something we simply
accept as a cost of doing business.
That’s why national governments must provide cities and localities guidance about how to organize their
local cyber strategy. Just as a national government can set standards for other essential utilities, we need
countries to mandate robust expectations for cities and states in cyberspace. In the United States, without
strong direction from the national-level Cybersecurity and Infrastructure Security Agency, states have
attempted to take matters into their own hands with cyber legislation. Still, an uncoordinated approach
simply means bad actors will identify the weakest link. The European Union, recognizing “an increasing
risk of fragmentation” without a common framework of certificates, recently introduced a certification
model for information and communications technology (ICT) products that can serve as a guide for
professional certifications and baseline qualifications for anyone managing the local tech infrastructure.
Yet governments and cities will need assistance determining the qualifications and technology required
for their specific cyber risks. National governments need to set these standards, and use whatever
mechanism they can to enforce them, from mandates to tying funding to meeting these standards.
This also goes for creating a qualified cohort of cybersecurity workers. Yes, cyber training programs and
boot camps are already available, but countries should implement uniform standards and require
certifications for state and local employees to improve our overall preparedness. We cannot afford a
patchwork of qualifications and approaches to the growing issue of cybersecurity. A huge cybersecurity
skills gap already exists, with millions of new workers needed to defend organizations and institutions.
To fill this gap and encourage more people to become cybersecurity experts, we must outline exactly
what prospective employees need to know and where they can learn the required skills to fill government
positions.
Clear qualifications will make it easier for countries to update their education systems and training
approaches to meet this new cyber era. A focus on improving the tools available to cities and investing
in new technologies will also offer an opportunity for the private sector to contribute its expertise. If
countries put in place the regulations, certification, and training requirements for cities now, just as many
places have done to manage other utilities, we can all adapt to change more quickly and address the
flood of new cyber threats before significant damage is done.
About the Author
Yaron Rosen is a former chief of the Israel Defense Forces Cyber Staff, research
fellow at IDC Herzliya, and co-founder and president of Toka, a cyber capacity-
building company. Twitter: @RosenYaron
Cyber Defense eMagazine – June 2021 Edition 80
Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.