Ohio Gov. Mike DeWine was right to send his homeland security adviser to Washington to ask Congress for cybersecurity funds.
But that is just a start.
Ohio cannot afford to wait for a federal subsidy. DeWine’s administration needs to take aggressive action on its own.
Public entities across the state – local governments and school districts – all are grappling with tight budgets in the aftermath of the coronavirus pandemic and can ill afford the losses from a cyber attack.
Few have the money or sophistication to build up their computer systems and fend off cyber attacks individually.
This is a problem where it would be difficult for the state to do too much. Cybersecurity is the growing threat of the century.
DeWine’s assistant director of the Ohio Department of Public Safety, Karen Huey, recently told a Senate panel the challenges of dealing with cybersecurity were akin to the challenges faced after the Sept. 11, 2001, terrorist attacks.
Once hackers gain access to systems, they often demand ransoms or threaten victims with the loss of key information or permanent damage to their computer networks.
Cyber intrusions can shut down corporate operations and cause havoc with consumer prices. For governments, they can interrupt public services and prompt budgetary crises.
A recent study cited during the Senate hearing pegged the cost of attacks on state and local governments in 2020 at nearly $1 billion dollars.
The problem is, indeed, global in nature.
It was a topic of discussion between President Joe Biden and his Russian counterpart, Vladimir Putin, when they met earlier this month in Switzerland. Biden said afterward that he told Putin to crack down on cyberattacks.
A ransomware attack in May at Colonial Pipeline’s headquarters forced the shutdown of a vital East Coast pipeline, causing gasoline shortages and driving up fuel prices.
Cleveland Hopkins International Airport was targeted in 2019. Subsequent upgrades cost nearly $2 million but were credited with fending off subsequent attacks.
Russian hackers looted $471,000 from Avon schools in a series of illicit wire transfers from the district’s bank accounts in 2017.
That’s why Ohio cannot afford to wait for the federal government. It needs to forge ahead on its own, with the state government helping communities harden their systems.
To be sure, Ohio has taken initial steps.
The Ohio National Guard joined with more than 30 public, private, military and educational organizations to form the Ohio Cyber Collaboration Committee, known as OC3.
It has been helped by the “Ohio Cyber Reserve,” a volunteer force of trained cybersecurity civilians that DeWine can call to help governments and businesses meet their cybersecurity needs and to help reduce cyber threats.
But is reliance on help from volunteers enough?
Ohio gets just $340,000 in homeland security money for cybersecurity, even though it is the nation’s seventh most populous state.
Huey urged Congress to consider a dedicated cybersecurity grant program for states, arguing the money could be used to help local governments secure their computer systems.
Again, that is a start, but Ohio needs to be more aggressive.
Cybersecurity problems are likely to keep getting more serious. And that calls for decisive action, with or without federal funding.
DeWine needs to lay out a plan of attack – one that carries a sense of urgency and deadlines and is backed, if necessary, by state funding. Having a plan in place by summer’s end would not be quick enough.
About our editorials: Editorials express the view of the editorial board of cleveland.com and The Plain Dealer — the senior leadership and editorial-writing staff. As is traditional, editorials are unsigned and intended to be seen as the voice of the news organization.
Have something to say about this topic?
* Send a letter to the editor, which will be considered for print publication.
* Email general questions about our editorial board or comments or corrections on this editorial to Elizabeth Sullivan, director of opinion, at firstname.lastname@example.org.