The nonprofit National Cybersecurity Center on Monday kicked off a new initiative to offer training sessions on cyber hygiene and IT security to elected officials in state governments and their staff members. The program will feature virtual briefings, on-demand workshops and other materials addressing not only good online safety measures, but also an overview of the many different cyberthreats state and local government face.
“Cybersecurity is more important than ever with businesses, government, and private individuals falling victim to digital attacks everyday,” Forrest Senti the director of business and government initiatives at the Colorado Springs, Colorado, think tank said in a press release.
The training series is backed in part by Google, which recently expanded its election-security products — such as physical multi-factor authentication keys — to state and local election administrators, after offering them to campaigns and candidates last year. Two secretaries of state, Republican Frank LaRose of Ohio and Democrat Jena Griswold of Colorado, also signed on Monday to be emissaries for the training program in their states, the National Cybersecurity Center said.
“Americans must have confidence in their elections. That can’t happen if we aren’t vigilant in our defense of the digital systems that make up our election infrastructure,” LaRose, who last year became the first statewide elections chief to launch a vulnerability disclosure program, said in the press release.
In an interview last month, Senti said the point of the training will be to provide state legislators, who are responsible for funding IT and cybersecurity policies, with information from industry experts from Senti’s organization as well as its industry partners, such as Google and Microsoft.
The initial lessons will focus on the basics, like the importance of multi-factor authentication, strong passwords and regular software patching, but the training series will also aim to teach lawmakers about different types of threats, from ransomware and phishing to more recent supply-chain attacks like the compromises of SolarWinds and Microsoft Exchange Server.
“We want to make it as relevant as possible,” Senti told StateScoop last month. “Overwhelmingly, legislatures don’t get their cyber knowledge from the cyber community. They get it from the news. It’s not a bad thing, but we need a deeper level of understanding.”