By Tom Foulkes and Henry Young
In October 2021, in conjunction with Cybersecurity Awareness Month, BSA published Strengthening Trust, Safeguarding Digital Transformation: BSA’s Cybersecurity Agenda, which identifies BSA’s priorities and offers policy recommendations to improve cybersecurity. BSA’s Cybersecurity Agenda addresses many cybersecurity issues that confront leaders in state capitols across the US. The numbers illustrate the growing focus on cybersecurity in state capitols: in 2021, 21 states passed cybersecurity bills aimed at managing cybersecurity risk.
Secure Software Promotes Security, Digital Transformation, and Our Entire Digital Ecosystem
Modern society is built on software—it connects people to their friends and family, enables governments and businesses to operate more efficiently and securely, and underpins the global economy. In the response to the COVID-19 pandemic, software enabled state governments to help school districts transition to online learning models, continue to deliver services to its most vulnerable citizens, and manage the global pandemic locally by identifying ongoing needs and resourcing appropriately.
Indeed, the benefits of the enterprise software industry extend far beyond the products and services the industry delivers to its government and businesses customers. These benefits include the creation and support of good-paying jobs in communities across the country and in industries far beyond the technology sector. For example, as the BSA Foundation found in Software: Supporting US Through COVID, in the US, “[i]n 2020, software supported more than 15.8 million jobs in total—an increase of 5.9 percent since 2018.”
As we increasingly use software and other digital technologies to improve our daily lives, it is imperative that enterprises and policymakers around the world and at every level of government consider cybersecurity from the outset, as well as how these technologies can support broad and inclusive growth, to ensure that the products and services on which we rely are secure.
State Government Priorities for Cybersecurity
Strengthening Trust, Safeguarding Digital Transformation: BSA’s Cybersecurity Agenda includes issues important to state governments, such as (1) modernizing government IT and cybersecurity, including strong public advocacy for Congressional funding for state governments and (2) building an effective cybersecurity workforce—two topics of discussion in numerous state capitols across the US.
Modernizing Government IT and Cybersecurity. Increasing investment in cybersecurity in the short run will, over the medium and long term, save resources and better protect citizens and critical infrastructure. Some improvements states should consider include migrating to cloud services and implementing strong identity and access management practices, such as using zero trust architecture and multifactor authentication. States should also seek to streamline procurement processes and requirements, aligning any such processes and requirements they impose with existing best practices, national laws and policies, and international standards.
Building an Effective Cybersecurity Workforce. An effective cybersecurity workforce is essential to state governments—it enables states to securely and effectively provide services to their citizens, encourages their economies to continue to grow, and provides opportunities for people and communities to reap the benefits of good-paying jobs. Fortunately, people of all ages and from all walks of life have the aptitude and interest to learn valuable cybersecurity skills, many of which do not require post-graduate, four- or even two-year degrees, but can be done by people who have earned applicable certifications. To ensure states have the workforce they need, BSA supports broadening opportunities, promoting alternative paths, improving training programs, and expediting the development of the diverse workforce needed to secure our shared future.
As states consider how to modernize their IT and cybersecurity and to build their cybersecurity workforce, states should engage experts in industry, academia, and other stakeholder organizations. Indeed, states should align their actions with existing laws, policies, best practices, and international standards, which are often developed through multistakeholder processes that are open, transparent, and consensus-based. This alignment will improve a state’s cybersecurity risk management while maximizing the number of companies able to provide products and services, thereby ensuring states receive the best return on their cybersecurity investments and have access to state-of-the-art solutions. When governments impose unique requirements that differ from existing and effective laws, policies, best practices, and international standards, policymakers risk creating complex compliance regimes without an accompanying improvement in cybersecurity for consumers. For these reasons, BSA advocates targeted and aligned requirements that will concretely improve cybersecurity.
BSA supports both federal and state governments investing in local and state cybersecurity improvements and advocates for federal funding to assist states in accomplishing these important goals. We also prioritize the development of the cybersecurity workforce necessary to meet the needs of the public and private sectors and continue economic growth. We look forward to working with state elected officials as they engage on these important cybersecurity challenges.