CYBERSECURITYTrump Is Shifting Cybersecurity to the States, but Many Aren’t Prepared
President Donald Trump recently signed an executive order which substantially reduced the role of the federal government in securing elections, health care, and critical infrastructure against cyberattacks by state actors and cybercriminals. The responsibility of for protection has been shifyed to states and localities, but only 22 of 48 states in a Nationwide Cybersecurity Review met recommended security levels. Moreover, Trump’s funding cuts will make it more difficult for states to bolster their cyber defenses.
For the first half of his career in law enforcement, working as a police officer in South Florida, Chase Fopiano did not think cyberattacks on police agencies were a serious threat.
Many of his law enforcement colleagues were under the same impression — that since they were the most likely to investigate the attacks, there was no way cybercriminals would go after them.
By about 2015, as technology advanced and hackers became more creative, that changed, Fopiano said. Now, from the U.S. Secret Service to the Florida Department of Law Enforcement, there are thousands of attempts to compromise networks or organizations every day, he said.
“A lot of those [attempts] are toward government or even police, especially because they know that we’re not as prepared as we should be,” said Fopiano, who now oversees cybersecurity as part of a regional task force.
Spanning health care facilities to court systems, states and local communities are facing a rise in cyberthreats. They include threats to critical infrastructure, increased activity from foreign actors, continued ransomware attacks and more, according to a recent report from the Multi-State Information Sharing and Analysis Center.
But President Donald Trump recently signed an executive order shifting some of the responsibility from the federal government to states and localities to improve their infrastructure to address risks, including cybercrimes. And federal cuts have reduced resources for state and local officials, including a cybersecurity grant program and a key cybersecurity agency.
States and localities are taking steps to address the problems, such as establishing new penalties for tampering with critical infrastructure, centralizing state IT personnel and setting standards in areas from elections to health care.
But the Trump order and federal funding cuts, a shortage of IT experts at the local level and an overall lack of preparedness could weaken their efforts.
In December, a major cyberattack forced Rhode Island to take down its online portal used by residents to obtain Medicaid benefits and SNAP, commonly known as food stamps. The personal data stolen from Rhode Island’s public benefits network — including Social Security numbers and banking information — was later found on the dark web.
In February, a “sophisticated cyberattack” hit the office of Virginia Republican Attorney General Jason Miyares, which led agency officials to shut down computer systems and resort to paper court filings.
