Virginia counties figure to be at the front lines in the battle for cybersecurity, so George Mason University’s J.P. Auffret and Angelos Stavrou are helping them formulate a more cohesive defense with a grant that partners them with local governments.
Auffret, the associate director of the Center for Assurance Research and Engineering (CARE) within Mason’s Volgenau School of Engineering, and director of research partnerships in the School of Business, serves as the principal investigator for the Mason National Science Foundation Cybersecurity City and County Cross Jurisdictional Collaboration Project. Stavrou, director of CARE and professor of computer science, is the project’s co-principal investigator. Their endeavor combines the talents and resources of the state’s jurisdictions to foster key city and county cybersecurity partnerships and to address the institutional barrier that limit those partnerships.
“Those that are aware of the risk and the need for cybersecurity, they see the potential,” Auffret said. “And many local governments—both at the administration and board levels—are becoming more aware of the challenges.”
According to the Council of State Governments, approximately 60 percent of all U.S. counties list fewer than 50,000 residents, but “nearly all counties play a role in the nation’s critical infrastructure.”
Counties account for 45 percent of the nation’s road miles, 40 percent of the bridges and the operation of 30 percent of public airports, 1,550 health departments, and 3,105 police and sheriff’s departments, as well as utility services, such as water and electricity, according to the National Association of Counties.
The voluntary program, which is the result of an NSF grant of $299,000, encourages large, medium-sized and small cities and counties to share staffing, cybersecurity services such as security information and event management policies, training and key information about the best practices on cybersecurity governance and partnering. The project kicked off with a workshop held in Richmond in October 2017, with participants from local governments across Virginia devising a set of commonwealth recommendations. Plans for the spring include smaller regional workshops, including with Northern Neck and Middle Peninsula local governments.
Mason serves as the project’s organizer, overseeing all the project’s details in conjunction with a number of local, state and federal officials.
Origins of the collaborative project can be traced to a previous NSF grant in which massive Cook County in Illinois described holding cybersecurity workshops for smaller cities and counties in their region. Cook County also expressed interest in assisting further by extending vendor agreements and monitoring capabilities.
Recognizing that many small municipalities across the United States lack sufficient access to cybersecurity resources and the tools needed to assist budget-strapped administrations, the project also includes plans to provide a cybersecurity partnering roadmap and readiness assessment. The belief is that local governments working together with their state governments and the Department of Homeland Security will be prepared and more well-placed to tackle local cyber challenges to protect local government systems, as well as their electric, water and transportation systems.
Virginia is home to two of the nation’s most prominent airports in Reagan National and Dulles International, as well as numerous key military installations and other critical sites, so working closely together to keep the entire state secure makes sense, said David Jordan, chief information security officer for Arlington County and a partner and supporter of the project.
“We live in a culture where we don’t worry about things until they happen,” he said. “This is the first time we have an opportunity to be proactive and really have a massive benefit because of doing so. So we have to get our act together. Virginia is a very vital state to our nation’s security.”
Jordan said that it behooves every state locale to be proactive in the face of fast-changing cybersecurity threats, as many state cities and counties are increasingly adopting connected technology not just for administration, but for critical infrastructure such as electric, water and transportation systems.
Auffret said there are future plans to introduce similar programs to both North Carolina and Indiana.
“It’s a step,” he said. “It’s not making us safe, but it’s a step toward that hopefully.”