Cyber training expands to local leaders
Connecting state and local government leaders
The National Cybersecurity Center will offer the training every two years, and push local governments to take advantage of free resources and information-sharing.
With local governments increasingly on the front lines of cyberattacks and other threats, a training program previously for state leaders has now expanded into the municipal and county arena.
The National Cybersecurity Center (NCC) earlier this month announced the launch of its Cybersecurity for Government Leaders initiative, a program to train all government leaders on cybersecurity best practices. The program was previously known as Cybersecurity for State Leaders but expanded amid high demand from local leaders for something similar for them.
Jonah Wisch, program director at the NCC, said the curriculum revolves around a simple message: Don’t Get DUPED, with the latter part standing for Deploy, Multifactor Authentication, Updates, Passwords, Encrypt, and Don’t Click on Things You Shouldn’t.
Generally aimed at elected officials who are new to their roles, Wisch said training has previously been used by some states in their annual compliance training, but its expansion prevents that now. They expect to run every two years, he said, and encourage leaders to take a “holistic approach” to cybersecurity.
“The reason why we're doing it this year is because it's the few months after our locally elected leaders and state officials have been brought into office and been elected,” Wisch said. “And now, they're fully kind of getting into the swing of things.”
Instead of providing their training sessions on an individual basis to counties, cities and the like, Wisch said NCC’s training is offered in partnership with municipal leagues, councils of governments and similar organizations that work regionally to represent local leaders’ interests. That way, he said, there will be a “threshold of an audience” for each training session.
As well as pushing their own curriculum, Wisch said a crucial part of the training sessions is to encourage local and state leaders to take advantage of the free cybersecurity resources and information sharing provided by the Cybersecurity and Infrastructure Security Agency, as well as the Multi-State Information Sharing and Analysis Center.
Wisch said given the time and financial constraints on small jurisdictions, they or their IT contractors may not be aware of the services already on offer, or “leveraging them to the degree that they can.”
“A huge part for under-resourced jurisdictions is just knowing what's out there and knowing how they can get help,” he said. And he noted that with federal cybersecurity grants coming soon, the use of shared services and regional cooperation as promoted by CISA and MS-ISAC is sure to grow.