Even before Clarke’s bill makes its way through Congress, states may be able to spend a substantial amount of money on upgrading their computer systems, thanks to the $350 billion in flexible aid that Congress provided states under the recent $1.9 trillion pandemic aid law.
That money is likely to land in state treasuries this week, followed soon afterward by guidelines on what states can spend it on, said Denis Goulet, president of the National Association of State Chief Information Officers, or NASCIO. He hopes that some of the money could be spent on upgrading computer networks and cybersecurity.
When COVID-19 pushed state and local government employees to remote work, that exposed states to more attacks.
The combination of insufficient budgets for cybersecurity, poor staffing and continued reliance on aging mainframe computers to operate key systems like unemployment insurance processing, for example, have left states even more vulnerable to attack and fraud, according to a biennial report on the state of cybersecurity in states prepared by the consulting firm Deloitte in partnership with NASCIO.
Several states lack the ability to monitor their networks on a continuous basis and identify a breach, said Srini Subramanian, a principal at Deloitte & Touche who is one of the authors of the report published in October.