Government Technology: Testimony Highlights Funding Gaps in the War on Ransomware

Ransomware may be powered by tech-savvy developers, but it doesn’t always take a high-tech approach to make life harder for these criminals.

“While we can all agree that more resources for state and local governments are necessary, we must also ensure they are spent responsibly and effect meaningful impacts on risk reduction,” said New York state Rep. Andrew Garbarino.

Garbarino noted that state and local agencies can improve their security through relatively simple steps like enacting multifactor authentication, updating software and keeping backups.

Many agencies’ defenses are hampered by legacy IT systems that may be both expensive to maintain and, in some cases, no longer supported by software updates, said Chris Krebs, former director of CISA.  Too often, state and local governments lack the financial resources or personnel to modernize their systems and implement new security practices, however.

“Let’s do a 21st-century digital infrastructure investment act that will allow state CIOs and community CIOs to not just buy cybersecurity technologies, but to get off some of the dated legacy systems that they have,” Krebs said.

Direct funding is not the only tool available, either, and the federal government can also push private technology providers to make their software more secure, Krebs said. The White House might decide to only procure software the features multifactor authentication, for example, which would encourage vendors to make this the norm in all their products.