The ‘Trojan Horse’ and the Workforce: Threats to Jobs Take Center Stage at House Cybersecurity Hearing

The Commonwealth could benefit immensely from stronger cybersecurity measures and a strengthened cyber workforce. That was the message at the House State Government Committee hearing in Pittsburgh on Wednesday, where cybersecurity and blockchain experts discussed the technology’s potential impacts on government operations.

The first panel of the hearing focused on ways government entities can protect themselves against ransomware attacks and discussed the need for states to develop their own cybersecurity workforces. For an aging state like Pennsylvania, cybersecurity is an area where workforce development can not only boost the economy but also help the Commonwealth develop more secure IT systems, experts said.

“We’ve seen cyberattacks from our federal government all the way to local governments,” said state Rep. Seth Grove, chairman of the House State Government Committee. “As technology evolves, state policymakers need to be aware of the ongoing threats to their citizens and government functions due to cyberattacks. »

Tyler Clark, head of state and local government industry at Microsoft, said basic digital hygiene can protect IT systems from up to 98% of attacks.

“According to our research from the previous fiscal year, government was actually the most targeted sector at 48%, followed closely by non-governmental organizations and think tanks at 31%,” Clark said. “The primary actionable learning from all elements of our digital defense report is to minimize the impact of attacks, we must practice good security hygiene, implement architectures that support zero trust principles, and ensure that cyber risk management is integrated into all aspects of the business.”

The Pennsylvania National Guard has joint cybersecurity operations to assist the Commonwealth. Its cyber protection team can provide state entities with incident response, information sharing, education and training. The team has conducted more than 30 cyber assessments at the local, county and state level since 2014.

We need to solve the cyber talent pool. Each year, only 3% – or about 65,000 US students – graduate in computer and information science security and fewer than that major in cybersecurity.

Tyler Clark

We need to solve the cyber talent pool. Each year, only 3% – or about 65,000 US students – graduate in computer and information science security and fewer than that major in cybersecurity.

City & State has previously investigated the proliferation of cyberattacks and how this has prompted Commonwealth municipalities to take additional steps to secure their systems. In this report, the city of Allentown handed out more than $1 million in repairs and recovery after a ransomware attack infiltrated the city’s computer systems in 2018. The “Trojan horse” type of malware “can disguise itself as harmless to the user, but once inside, it can steal credentials and fight its way through computer systems.

Although the Allentown payout is an example of cleaning up the damage caused by an attack rather than paying a ransom to the perpetrators, the payouts for either scenario can be costly. The average ransomware payment is still over $111,000, according to the National Guard.

The increase in cyberattacks provides an opportunity for a strengthened security industry. Clark noted that cybersecurity jobs are in high demand, and some entry-level positions require certificates rather than degrees.

“We need to solve the cyber talent pool. Each year, only 3% – or about 65,000 US students – are qualified in computer and information science security and fewer than that major in cybersecurity,” Clark said. “Analysis of LinkedIn and cybersec.org shows that there are nearly half a million cybersecurity job openings today. And these are jobs that paid on average more than $100,000.

Grove, a Republican from York County, said the Commonwealth needs to do more to help steer young people into cybersecurity if they’re interested in that kind of work. Microsoft is among the companies with programs that help enroll students in information technology courses at community colleges.

Clark added that there is a “great opportunity” for states to use federal infrastructure investment and jobs act cybersecurity funding to coordinate and expand state-level cybersecurity services. state to county and local governments.

“Most states have struggled to make these investments,” he said. “It’s easier to finance capital assets, in many cases, when you have a lot of funds to invest. It’s more difficult when you get to the operational side.

Leave a Reply