WASHINGTON — As the nation’s governors consider how to spend funds from President Joe Biden’s bipartisan infrastructure law, the Cybersecurity and Infrastructure Security Agency is encouraging investments in cybersecurity education for Americans of all ages, including public officials and their staffs.
“What we want to do is communicate about this topic in a way where people are not scared to death of it,” CISA Director Jen Easterly said Saturday at the National Governors Association winter meeting.
“What we need to do is really reclaim that territory and make cybersecurity and, most importantly cyber hygiene, a kitchen table issue.”
The $1 trillion bipartisan infrastructure law, signed by the president in November, allocates $1 billion in grant money for states to bolster their cyber defenses. As each state is assessing its individual needs, cybersecurity experts are encouraging partnerships with the private sector and nationwide improvements in cyber literacy.
“We’re only as strong as the weakest link in the chain,” said Tennessee Gov. Bill Lee, who chairs the governors association Pandemic and Disaster Response Task Force.
According to CISA, more than 99% of all cyberattacks could have been prevented with multi-factor authentication, a simple security measure that requires the user to present two or more forms of identification to gain access to their account
The COVID-19 pandemic has exacerbated the cybersecurity crisis confronting everyday Americans, Easterly said, noting an uptick in ransomware attacks against businesses and transit systems.
“You had a global health crisis that, in many ways, became a cybersecurity crisis because you saw entrepreneurial cyberthreat actors take advantage of the fact that so many people are now working from home in ostensibly less secure environments,” she said.
In Biden’s first year in office, hackers also targeted New York City’s Metropolitan Transportation Authority, the Steamship Authority of Massachusetts ferry service and the Port of Houston.
CISA released a resource guide Friday that outlines how state government officials can request federal support in response to future cyber threats.
Arkansas Gov. Asa Hutchinson, chairman of the governors’ association, called the country’s lack of cybersecurity education a “national security issue.” He said K-12 computer science education is necessary in every school to equip the next generation of American cybersecurity professionals.
“Either we’re going to fall behind in our technology development and our innovation, or we’re simply going to acquire all the talent from overseas,” Hutchinson told reporters. “And the third option, which I endorse, is to say, ‘We’re going to lead in the United States of America in training the talent for the digital age.'”