Cyber insecurity, AI and the rise of the CISO
October is Cybersecurity Awareness Month, and a time to reflect on what is new. Based on the Public Technology Institute’s (PTI) latest Cyber Survey of Cities and Counties, it comes as no surprise that cybersecurity once again tops the list of concerns. This year the threat landscape is viewed with increased dread as cyberattacks continue to rise in all sectors, creating a sense of greater cyber insecurity. This also comes at a time when states are still mulling over the best methods to distribute the federal funds aimed at helping local governments better defend against attacks.
Adding to cyber insecurity is the unease over the use of artificial intelligence (AI), not only by public employees but also by cyber criminals. It comes as no surprise that AI is being used by cyber criminals to further exploit cyber weaknesses and vulnerabilities. In PTI’s City and County AI Survey, AI was listed as the No. 1 application to help thwart cyberattacks. Respondents recognize how AI can actively scan for suspicious patterns and anomalies as well as assist in remediation and recovery strategies. What’s more, AI systems continue to learn and act.
Also new this year is the renewed focus on zero-trust frameworks and strategies. Zero trust has never been more critical, and unfortunately, it takes both time and talent to fully comprehend all its dependencies before deployment. This year also saw, for the first time in years, the National Institute of Standards and Technology (NIST) modify its Cybersecurity Framework to include an underlying layer of governance in each of its traditional five pillars. This too takes time to plan and implement for those who follow the voluntary guidelines.
The issue of staff capabilities continues to be of great concern to chief information officers (CIOs). As in the past several years, finding and keeping well-trained cyber professionals remains a challenge. Almost half of the states have removed the requirement for a four-year college degree in hopes of expanding this specialized labor pool.
Taken as a whole, zero trust, AI, workforce development and adapting to NIST’s modified Cybersecurity Framework add to the ever-growing load on the CIO. This leads to the growing recognition that every local government needs someone who can remain laser-focused on cyber and all the moving parts, hence the rise of the chief information security officer (CISO).
Each year, the Public Technology Institute’s Annual Cyber Survey of Cities and Counties asks how many local governments have a CISO. While the number is increasing, fewer than 40 percent have one. The state of New Jersey has passed legislation that requires that every local government have a CISO by 2025. Adding to the challenge is the fact that, while the legislation is well-intended, it does not currently provide any direct funding to pay for having a CISO.
As CIO demands and responsibilities increase, so does the need for greater management and leadership development. The emerging CIO executive requires a complement of deputies to help manage the enterprise, and chief among them is the CISO.
Today’s local-government CISO plays a pivotal role in protecting the digital assets and services of a local government, ensuring that its operations are secure, compliant, and resilient against cyber threats. For those who remain uncertain, here are but 12 of the key roles that a CISO plays. For those without a CISO, it should be understood that each of the following responsibilities is already performed by someone (possibly an overburdened CIO) in some form or fashion.
1. Strategic planning: Develop and maintain the information security strategy, ensuring that it aligns with local government objectives and addresses the evolving threat landscape.
2. Policy development: Draft, update and enforce information security policies, procedures and standards to ensure compliance with regulations and best practices.
To read the complete article, visit American City & County.