Skip to main content

State Cyber Corps and Volunteer Programs: Bolstering Cybersecurity for Underresourced Organizations

LawfareOctober 28, 202541 min190 views
22 connections·40 entities in this video→

The Evolving Cyber Threat Landscape for States

  • 🎯 Traditionally, state cybersecurity focused on government networks, but this is shifting to encompass all organizations critical to community services.
  • πŸ’‘ Small businesses, nonprofits, cities, schools, and small utilities are increasingly vulnerable and struggle with basic cybersecurity due to a lack of dedicated IT or cybersecurity staff.
  • ⚠️ Nearly half of surveyed Bay Area nonprofits had no full-time IT or cybersecurity staff, highlighting a significant gap in expertise and resources.

Understanding State Cyber Corps and Volunteer Programs

  • πŸ›‘οΈ State cyber corps or volunteer programs are akin to volunteer firefighters, organizing cybersecurity professionals to assist underresourced entities.
  • 🀝 Led by state agencies, these programs leverage talented residents willing to contribute their skills to enhance community cyber resilience.
  • πŸ”„ Terms like "state cyber corps," "civilian cyber core," and "cyber civil cores" are often used interchangeably to describe these volunteer-led initiatives.

Current State of Cyber Resources and Gaps

  • πŸ“‰ Many states lack sufficient personnel and resources to address the scale of cyber threats, mirroring shortages in the private sector.
  • πŸš’ While states have resources like the National Guard cyber units and FBI liaisons, these are often insufficient for widespread needs.
  • 🌊 States are traditionally better equipped for natural disasters than cyber attacks, though the devastating impact of cyber incidents is increasingly recognized.

State Cyber Corps in Action and Their Capabilities

  • βœ… Seven U.S. states currently operate functioning cyber corps programs, with more showing interest, indicating a growing trend.
  • πŸ’‘ The Wisconsin Cyber Response Team successfully remediated a ransomware attack on a county government, providing incident response, forensic analysis, and long-term resilience planning.
  • πŸ› οΈ These programs are best suited for IT-related incidents, offering cost-efficient assistance and community engagement, though Operational Technology (OT) can be more challenging due to specialized knowledge requirements.

Recruitment, Retention, and Programmatic Focus

  • πŸŽ“ Volunteers undergo vetting, minimum training, and qualification checks, sometimes leveraging federal background checks for faster onboarding.
  • πŸ“ˆ Retention is fostered through frequent engagement, training, networking events, and the opportunity for civic contribution and community building.
  • 🎯 While primarily focused on incident response, some programs are expanding to include proactive measures like risk assessments and cyber awareness training.

Addressing Cyber Threats: What Programs Can and Cannot Do

  • πŸ’° Cyber corps are cost-efficient alternatives to expensive managed service providers, offering scalable hands-on assistance.
  • πŸ—ΊοΈ They excel at community engagement, providing guidance and basic cybersecurity education to organizations lacking IT expertise.
  • ⚠️ State cyber corps are best suited for financially motivated attacks like ransomware and business email compromise, and generally not for state-sponsored espionage or nation-state attacks.
  • πŸ—οΈ Incident response is their forte, but long-term recovery and breach notification are typically handled by other entities like Managed Service Providers (MSPs).

Future Directions and Federal Policy

  • 🌐 Connecting states with existing cyber corps programs and providing resources like model bills are crucial first steps for new initiatives.
  • πŸ“‰ Federal budget cuts to agencies like CISA and the uncertainty surrounding programs like the State and Local Cybersecurity Grant Program (SLCGP) increase the need for state-led solutions.
  • πŸš€ Federal policy should focus on reauthorizing critical grants, encouraging secure-by-design principles from software vendors, and supporting state-level cyber defense efforts to build sustainable capacity.
Knowledge graph40 entities Β· 22 connections

How they connect

An interactive map of every person, idea, and reference from this conversation. Hover to trace connections, click to explore.

Hover Β· drag to explore
40 entities
Chapters19 moments

Key Moments

Transcript155 segments

Full Transcript

Topics14 themes

What’s Discussed

State Cyber CorpsVolunteer ProgramsCybersecurityUnderresourced OrganizationsCommunity Cyber DefenseIncident ResponseRisk AssessmentOperational Technology (OT)RansomwareCyber ResiliencePublic Interest CybersecurityState GovernmentFederal PolicyCybersecurity Workforce
Smart Objects40 Β· 22 links
CompaniesΒ· 14
PeopleΒ· 5
MediasΒ· 6
ConceptsΒ· 11
LocationsΒ· 3
ProductΒ· 1