CYBER1NS3CUR1TY: With all 50 states facing cyberattacks in the past 24 months, it's no wonder lawmakers consider cybersecurity a priority.

• Author: Greenberg, Pam
• Position: TELECOMMUNICATION AND I.T.

A single compromised password was reportedly responsible for the Colonial Pipeline ransomware attack that triggered fuel shortages in Eastern states in May last year. That same month, a foreign government agent breached the Alaska Department of Health and Social Services website, an attack that affected services for weeks and is still being investigated.

Then in October, Russia's top intelligence agency attempted to get at U.S. government and corporate data stored in the cloud--just months after the White House sanctioned Moscow for its role in previous hacks, including SolarWinds, which infiltrated numerous federal agencies.

All 50 states faced cyberattacks against public infrastructure in the past 24 months, with new reports of state and local government incidents being added weekly. Nationwide, hardening cyberse-curity has taken on a renewed sense of urgency.

At least 45 states and Puerto Rico introduced or considered more than 250 bills or resolutions last year dealing significantly with cybersecurity. A few of the enacted bills provide a snapshot of the innovative ways legislators are strengthening the security of government computer systems.

All 50 states faced cyberattacks against public infrastructure in the past 24 months but only half the states have a dedicated cybersecurity budget line item, and most state cybersecurity budgets are less than 3% of their overall IT budget

An Intractable Problem

Constant cyberattacks originating from foreign countries or on behalf of foreign governments, along with increasingly sophisticated perpetrators, make it difficult for security professionals to stay a step ahead. Ransomware attacks, which often have devastating and cosdy consequences, were the most common type of cyberattack on government organizations in 2020, according to IBM's X-Force Threat Intelligence Index2021.

The COVID-19 pandemic only exacerbated the problem, causing disruption and shifts in the way governments operate, and creating additional cybersecurity risks due to a sudden move to a remote workforce. Criminals also took advantage of people's fears during the crisis by launching social engineering attacks to manipulate individuals into giving up personal information or allowing access to networks.

Government IT professionals and the IT industry have expertise and tools to monitor and protect against attacks, but tackling the problem takes much more than that. Some of the challenges include:

* Sophisticated organized crime gangs working on behalf of foreign governments.

* Maintaining and securing outdated legacy IT systems.

* Recruiting and retaining highly skilled cybersecurity professionals.

* Maintaining and securing the large collections of sensitive and personal data held by government agencies.

* The difficulty of tracking ransomware payments made with Bitcoin and other cryptocurrencies.

*...