Local governments in Indiana will soon be able to tap into the expertise of universities to improve their cybersecurity.
Since its inception in 1986, the Technical Assistance Program (TAP) at Purdue University has provided professional education and services to business and government. In the past decade, its cyberTAP division has also conducted cybersecurity assessments.
cyberTAP will now partner with Indiana University’s Office of Technology (IOT) and Indiana University’s Center for Applied Cybersecurity Research (CACR), to evaluate the cyber security posture of local authorities and help them plan how they can further protect their environment.
According to TAP Executive Director Matt Trumpsky, the four-year partnership hopes to produce assessments of approximately 100 local governments per year.
As local governments have digitized property, tax and other records, they have increased their attack surface and must also strengthen their defenses.
“What we want to do is make sure that the government can continue to function and not be so susceptible,” Trumpsky said. “We will never stop all cyber and information security threats,” he said, but added that business continuity is critical because local government affects every citizen.
Assessments by participating local authorities will build on existing cyber security frameworks such as National Institute of Standards and TechnologyNational Science Foundation Excellent cyber security and Internet Security Center. A joint team of 10 from cyberTAP and CACR will lead the evaluation, with students from both institutions also able to assist.
The assessments are designed to inform local governments about their cybersecurity readiness, help them refine priorities, and improve Indiana’s overall cybersecurity posture.
“Local governments work with the state in different ways, and computer systems are interconnected. A vulnerability on either side puts the other at risk,” said CIO Tracy Barnes. “We have invested heavily in protecting state systems and now is an opportunity for local authorities to see the final steps towards improving their systems.”
Trumpsky said local governments are increasingly at risk of cyberattacks from hackers who see them as “low-hanging fruit,” so protecting them helps protect other government organizations.
“There are sophisticated adversaries and … criminal organizations that seek to exploit these resources,” Trumpsky said. “So it’s not just the more savvy adversaries, but those looking for quick ways to make a few bucks. And, unfortunately, this puts local authorities in particular in the crosshairs.”
He said local governments have already turned to cyberTAP for help and advice on cybersecurity, so this partnership helps formalize those efforts.
Rather than using the program to punish local governments for any shortcomings in their cybersecurity efforts, Trumpsky said, it will help state and local officials better “understand” the landscape and see the “big picture” of where investments are needed.