Iowa Legislature: Urgency needed on cyberattacks

State lawmakers are taking steps to address cybersecurity threats to government, including school districts and other local; government entities. We hope they move with a sense of urgency.

House Study Bill 15 would create a state cybersecurity unit that monitors incidents affecting state government and local governmental entities. The bill also requires those governmental entities to report cybersecurity issues within 10 days, providing information on when an attack is discovered, what agencies were notified and what data was breached.

We’ve already seen cybersecurity attacks hit three of the state’s largest school districts. Last summer, the Cedar Rapids Community School District encountered a ransomware attack that allowed hackers to obtain personal data on present and past district employees, The district paid the ransom.

Linn-Mar’s computer systems and phones were also disrupted in 2022. Earlier this month, the Des Moines School District experienced a ransomware attack.

These incidents caused canceled classes and programs, shut down online learning and had other disruptive effects. It’s past time for the state to step forward to address government cybersecurity.

Although setting a unit to monitor attacks and reporting requirements are a good start, we’d like to see lawmakers use state resources to provide expertise to local governments on how to deal with attacks and limit the damage. We’d like to see state investments in local efforts to protect critical data and systems. Local governments that lack that kind of expertise and training are soft targets for attacks.

We’d also urge lawmakers to include provisions in any cybersecurity bill that require more public information about that nature of an attack, the damage caused and ransom paid. The public was given precious little information in the Linn-Mar and Cedar Rapids incidents. Although we’re not calling for technical details about an attack and response, we believe taxpayers should be told far more about the consequences and costs, and how the government entity is working to avoid future incidents.

Cyberattacks can happen at any time. That underscores the need for lawmakers to make swift state action to stop them a legislative priority.

(319) 398-8262; editorial@thegazette.com

Opinion content represents the viewpoint of the author or The Gazette editorial board. You can join the conversation by submitting a letter to the editor or guest column or by suggesting a topic for an editorial to editorial@thegazette.com