By Josh Peterson | Watchdog.org
U.S. taxpayer dollars are being spent to beef up state cybersecurity efforts, despite the lack of a dedicated Department of Homeland Security cybersecurity grant program to help state and local operators comply with a new set of security expectations.
Utilities are at risk of being disabled by a major cyber attack.
Companies responsible for maintaining the nation’s critical infrastructure are looking to comply with a recent framework published by the U.S. government’s technology standards agency, National Institute of Standards and Technology.
Critical infrastructure includes industries such as the nation’s utilities, telecommunications, transportation and health. NIST’s framework was mandated via executive order from President Barack Obama in February 2013.
During a recent event in Rockville, Md., FierceGovernmentIT reported that no dedicated grant program existed within the agency, according to a DHS official at the event, to help state and local criticial infrastructure operators comply with the framework.
To create such a grant program would first require congressional action, said Jenny Menna, director of stakeholder engagement and cyber infrastructure resilience at the Department of Homeland Security.
Nadya Bartol, senior cybersecurity strategist for the Utilities Telecom Council, told Watchdog.org, however, that even with “the realities of a limited budget and multiple priorities it should be noted that the framework is not a compliance vehicle.”
“The framework is a toolbox that helps organize the thinking about Cybersecurity and the requisite activities,” Bartol said in an email response.
Lack of dedicated funds, however, has not stopped DHS from leveraging existing grant programs to states to address the issue, nor states from making the same considerations.
“DHS is engaging in educational conversations with state and local regulators, and there are existing DHS programs that already help with many aspects of the framework,” said Bartol.
Funds from a $4.7 million DHS grant to Nevada, for example, are expected to be used to address cybersecurity issues for the state.
During a March 24 Nevada Commission on Homeland Security meeting, commissioners unanimously agreed that cybersecurity was the top priority for the state.
Commissioner Chris Ipsen, chief information security officer for the Nevada Department of Administration, also proposed that the commission create a “Cyber Security committee” that would develop a “statewide cybersecurity plan,” according to meeting minutes.
“Cybersecurity is not an activity or process that can be considered “done”, just like safety efforts can never be considered “complete”(sic)” said Bartol.
Contact Josh Peterson at firstname.lastname@example.org. Follow Josh on Twitter at @jdpeterson