Industry Groups Push For More Cybersecurity Funding In Future COVID-19 Stimulus Legislation

With high numbers of ransomware attacks and increased threats due to teleworking, advocacy groups want Congress to prioritize cybersecurity funds to local and state governments.

• By Haley Samsel
• Apr 21, 2020

Major technology advocacy groups, including The Cyber Threat Alliance, The Cybersecurity Coalition and The Global Cyber Alliance, have partnered up to push Congress to allocate cybersecurity funding for states and local governments in the next COVID-19 stimulus package.

Representing tech giants like Microsoft, Amazon, Adobe, McAfee and several cybersecurity companies, the organizations sent a letter to House Speaker Nancy Pelosi and House Minority Leader Kevin McCarthy on Monday requesting that cybersecurity be a priority in future stimulus bills, The Hill reported.

The advocacy groups, which also included BSA, the Information Technology Industry Council and more, cited increased cybersecurity threats as a result of the COVID-19 pandemic. Those threats come from a wider attack landscape with teleworking and increased ransomware attacks on local governments.

“The rise in malicious cyberattacks targeting State and local entities, combined with the chronic lack of workforce, patchwork legacy systems, under-resourced cybersecurity and IT services, and uneven federal assistance creates a greater risk of system failures that interrupts services on which State and local populations depend,” the groups wrote.

Cybersecurity and IT workers themselves are facing several obstacles despite higher demand for their services, including the proliferation of work-from-home policies and the additional vulnerabilities that come with using IoT devices on different wireless networks.

“Their limited resources risk being overwhelmed by the substantial increase in demand for online services, and the sizable increase in malicious cyber activities as reported by both State and local officials, as well as private sector threat intelligence organizations,” the letter reads.

Other issues include the increase in use of “unvetted personal devices” to access government networks and an increase in the costs associated with providing monitoring of those devices along with IT help.

Industry advocates are also concerned that states and local governments will be unprepared to deal with ransomware and other malware attacks on hospital systems, which could cost lives if networks go down and doctors cannot access patient information or coordinate patient care technologically.

Cybersecurity firms have reported higher rates of coronavirus-related phishing attacks on organizations large and small over the past few months, making the potential for a successful cyber attack on public health systems more likely.

“Healthcare facilities like these, which make up nearly 20% of the United States’ community hospitals, have been targeted by malicious cyber attacks at a time when disrupted service is intolerable,” the letter reads.

In turn, the industry organizations would like to see more prioritization of cybersecurity funding in upcoming coronavirus relief legislation. The previous $2 trillion COVID-19 stimulus bill included some funding for IT modernization and $9.1 million for CISA, the Department of Homeland Security’s cyber agency, according to The Hill.

“We urge addressing this important problem in the next available vehicle for COVID-19 response and recovery,” the groups wrote. “We firmly believe that these measures are necessary to support the vital role that State and local entities play in public health operations during this public health emergency.”