The National Cybersecurity Center, a nonprofit think tank, plans to offer training courses later this year to legislators and their staffs in every state.
The training, which will cover cyber hygiene, threats and how cybersecurity affects the work state legislatures do, are “all about raising the awareness of cybersecurity,” said Forrest Senti, the director of business and government initiatives at the Colorado Springs, Colorado, research group.
Senti said the 50-state training series is being backed by Google, which on Tuesday also announced an expansion of its election security products to state-level political campaigns, after providing them to campaigns for federal office. The web giant last year distributed more than 10,000 of its Titan Security Keys — a physical token for two-factor authentication — to employees of more than 140 campaigns for Congress and the White House. It also established a help desk and knowledge base for campaign workers in search of cybersecurity support.
While those Google products will now be available to people seeking governors’ mansions and statehouse seats, Senti said the legislative trainings will cover more than just election-related cyber issues.
“The way we’re doing that is making sure they’re understanding the basics, as well as what cybersecurity really is,” he said, adding that the instruction was developed in consultation with a group of state chief information security officers.
Senti said the trainings will aim to give state lawmakers and their aides a picture of where they fit in the cybersecurity picture by going over different types of attacks, including phishing, SIM swapping, misinformation and supply-chain compromises, citing real-world examples. The 2018 ransomware attack against the Colorado Department of Transportation, for instance, is a “great example,” he said, as it cost the state nearly $1.5 million.
“We want to make it as relevant as possible,” he said. “Overwhelmingly, legislatures don’t get their cyber knowledge from the cyber community. They get it from the news. It’s not a bad thing, but we need a deeper level of understanding.”
Senti said the training will feature the National Cybersecurity Center’s in-house experts, as well as representatives from some of its corporate partners, including Google, IBM and Microsoft.
And while the sessions will cover a broad range of cybersecurity issues, they will partly hone in on election security to better educate lawmakers that the fiscal decisions they make in the statehouse affect the resources given to local election officials trying to secure their infrastructure.
“This core idea where counties and jurisdictions get their funding from is from the state to update machines, additional firewalls or IT staff,” Senti said. “But that ask comes from the legislature. If the legislature doesn’t understand the fundamentals, we can’t raise the importance of election security.”
Senti did not say exactly when the training sessions will begin, or which states will go first, but he said he hopes to be able to offer the series both in both live — albeit virtually — and on-demand settings.