As the cyber threat landscape continues to morph for entities at the Federal level, so too does it change for governments at the state, local, and tribal level. For the state of Illinois, adding cyber into emergency management and working closely with counties has helped to better prepare the state for cyber threats.
Speaking during the Cybersecurity and Infrastructure Security Agency’s (CISA) 4th annual Cybersecurity Summit, Illinois Homeland Security Advisor Alicia Tate-Nudeau spoke about what needs to be done daily to monitor cybersecurity threats, how to measure up to Federal expectations, and how to triage cyber incidents in the state.
“Working very closely with our counties that they report things if they see an anomaly, they will report that up to us,” Tate-Nudeau said. “At any given time we have a core group of people that work on this problem set, they’re brought together, and then we try to identify what it is a solution to it, but that’s not really enough.”
“I think, overall, we would agree that it’s never going to be one county or one location that gets it. More than likely it’s just a beginning or an indicator to possibly something larger,” she added.
To combat current and future cyber threats, the state evaluated whether it had the necessary authorities to address these emerging threats. Through the Illinois Emergency Management Act, cyber was added into it “because it was always silent in that area,” Tate-Nudeau said. Additionally, through Federal Emergency Management Agency (FEMA) grants, the state has used “targeted investments” in areas it believes will help boost cybersecurity in the state overall.
Over the next year, the state’s priorities regards cyber resilience include ensuring a strategic plan is in place, aggressively working with partners, and having discussions centered around supply chain security.
“First of all, I’m happy to say that we actually have a cyber strategic plan,” said Tate-Nudeau. “And even though I think everybody who’s watching this right now you’re saying ‘duh, of course you need a cyber strategic plan,’ but getting all the partners together at the table, and being able to agree upon that and to publish that guidance so we can move forward was really quite a challenge.”
“I will say that we have phenomenal partners,” she said, adding that the state is “now in the middle” of implementing its strategic plan.