After Kansas cyberattack, officials advise IT, cybersecurity changes
A statewide position to coordinate cyber security work across sectors, an emergency plan for potential digital attacks and allowing local governments to tap into state IT contracts are among the initial recommendations released Thursday by a panel of cybersecurity experts asked to evaluate the state’s digital landscape.
The report from the task force, created by Gov. Laura Kelly in July, comes as the state’s vulnerabilities to cyber attacks come better into focus, with officials looking at ways to reduce the potential risks of state and local governments to costly attacks.
Earlier this month, officials in Pottawatomie County paid out over $72,000 to resolve an attack which crippled many of its computer systems for weeks.
Nationally, such events have become more and more common, fueled by high stakes ransomware attacks where hackers in effect lock computer systems and refuse to back down unless the governmental body pays a fee.
A report from the Legislature’s non-partisan auditing department, released earlier this month, found that 69 of the 144 school districts surveyed didn’t have a response plan in the event of a cyberattack. Many reported not having basic anti-virus software installed on school computers.
And last week an Ellsworth County man was convicted of remotely shutting down a water plant in the county in 2019. Wyatt Travnichek, a former employee of the Post Rock Rural Water District, would serve a year in prison under a plea deal he struck with prosecutors.
Boost to municipalities, workforce key cybersecurity recommendations
The report’s 45 recommendations are divided between short and long-term actions and largely focus on better coordination between state and local governments on cybersecurity needs.
“Organizations across Kansas are doing the hard work to protect their data, educate their employees and the public, and develop a robust cybersecurity workforce,” Mike Mayta and Jeff Maxon, the taskforce’s co-chairs, said in a statement. “Through these recommendations, we hope to leverage and build upon their success and see it come together in a more whole-of-state approach
That includes a review of the state’s current technology contracts in a bid to identify coverage gaps and a move to open up those contracts to local governments, allowing all parties involved to save money and help local governments have greater access to cybersecurity services.
The report also advised the state consider creating a cyber liaison, a person whose singular role is to coordinate tactics with partners in the public and private sectors. And the state should include in its emergency response plan a way of specifically outlining its response to major cyber crimes in order to cut down on potential confusion.
Much of the recommendations center on improving the state’s pool of information technology workers, while attracting and retaining in them in the public sector.
Experts note that finding qualified workers is one of the toughest challenges facing cash-strapped state and local governments, with a further exodus of IT personnel during the COVID-19 pandemic.
And Alan Shark, executive director of the Public Technology Institute, a firm that supports city and county governments on IT issues, said that similar shortages in the private sector leave local governments unable to compete.
“There’s such a shortage of qualified IT people that many folks are leaving government is they can make 40% more in many cases,” Shark said. “And that’s the minimum.”
The report advises stronger partnerships with the state’s public universities to create apprenticeship or internship programs that serve as “talent pipelines.” Moreover, it recommends a stronger embrace of remote working options to expand the potential applicant pool even further.
Long-term, officials say the state should find ways for private sector companies to share staff with governments, as well as boost wages to be more competitive with those private firms.
The taskforce’s final report is set to come in December.
Andrew Bahl is a senior statehouse reporter for the Topeka Capital-Journal. He can be reached at email@example.com or by phone at 443-979-6100.