Idaho needs to shore up cybersecurity, task force says

BOISE (AP) — Idaho needs to be better prepared to defend against inevitable cyberattacks that could harm individuals, businesses and critical infrastructure, the Governor’s Cybersecurity Task Force said in a report released Wednesday.

The 34-page report contains 18 major recommendations that include providing active cyber deterrence, increasing spending on cybersecurity, ensuring election integrity and increasing the public’s awareness of cybersecurity threats.

“Across our state and throughout the nation, there have been few more pressing threats than the threat to safety, security and freedom of cyberattacks,” said Republican Gov. Brad Little at a Cyber Security Task Force news conference announcing the report at the Idaho National Laboratory Meeting Center in Idaho Falls.

“This is not a one-and-done,” Little said. “We’re going to implement the baselines from this, but then we’re going to have to continue with these recommendations.”

Among the task force’s recommendations is developing a statewide strategy that provides a clear set of actions to improve the state’s cybersecurity.

It also recommends that Little establish and the Legislature fund an Idaho Cyber Fusion Center that could be a central resource for identifying cybersecurity threats, warning of them and coordinating responses to them.

The task force also suggests creating a cyber response defense fund in case of a cyberattack involving elections. That has already been taken care of with $12 million approved by lawmakers earlier this year. Another $500,000 was approved for “proactive integrity audits” to enhance election transparency and confidence in election results.

Little formed the task force in August 2021 to deal with the heightened risk the state faces from cyberattacks as Idaho becomes increasingly connected with the world and more devices are connected to the internet.

The task force has 19 members representing key Idaho institutions, including the Idaho National Laboratory, the Idaho Department of Commerce, Idaho Office of Emergency Management, Idaho Power, Micron Technology, Bank of Idaho, Boise State University, University of Idaho, Idaho State University and several Idaho state lawmakers.

“The more digital connections people make and data they exchange, the more opportunities adversaries have to destroy private lives, disrupt critical infrastructure, and damage our economic and democratic institutions,” the task force’s report states.

The report lists five strategic objectives. Those are safeguarding Idaho’s infrastructure, increasing investments to bolster the cybersecurity workforce, ensuring election integrity, educating the public about cybersecurity awareness and keeping track of the changing global cybersecurity landscape.

The report notes Russia’s attack on Ukraine, that has included cyberattacks by Russia, and the potential for “cyber spillover.”

“The White House has repeatedly warned that Russia’s invasion, coupled with international sanctions, could lead the Kremlin to use cyberattacks against private sector organizations, including critical infrastructure owners and operators,” the report said. “Like all states, Idaho would not be immune to the consequences of such an event.”

Zach Tudor, associate laboratory director at the Idaho National Laboratory, co-chaired the task force.

“I believe the recommendations we developed lay the groundwork for improving Idaho’s cybersecurity stance both now and into the future,” he said at the news conference. “The timing of the report couldn’t be more important. Right now, there are billions of devices ranging from computers to smartphones, vehicles to vacuums, all connected online. And much of this technology isn’t properly secured. That means these systems and the people who rely on them are at risk.”