Cybersecurity Summit: Educating Cities on Systems, Processes, and People

Working at the Lower Colorado River Authority (LCRA) in Austin, Texas was an incredible experience. The quasi-governmental organization quietly rolls up their sleeves and provides essential services (electricity and water) reliably, efficiently and affordably – three core tenets which are vital when you are selling to smaller Texas cities. 

One of the highlights of my time with the LCRA was organizing and executing two Cybersecurity summits. Cybersecurity’s importance touches every industry and government organizations are particularly vulnerable because they don’t have the budgets, tools, people, or processes that are commonplace in the private sector. 

Many of LCRA’s power and water customers aren’t flush with cash. These cities provide city services to residents with staff that are underpaid, overworked and stretched thin. Unlike some of the wealthier towns and suburbs, many of LCRA’s smallest Central Texas customers boast hard-working people; many of whom rely on agriculture, farming or tourism to make ends meet. 

The elected officials for these towns know cybersecurity’s critical role, yet they can’t afford to hire the best and brightest to proactively keep city data and systems safe and resilient. The IT resource at small towns across Central Texas is often the person who does a little of everything for the city: helping out with accounting, answering technical questions from staff, and doing his or her best to find insight within all the data at a city’s fingertips. Despite cybersecurity’s ever-growing importance in a city’s present and future, the practice never gets the attention – or resources – it truly deserves. 

LCRA is blessed with leaders who know the wants and needs of the people they serve – and they aren’t afraid to act when it is the right thing to do. During multiple conversations and check-in meetings with city staff, it became clear that Central Texas cities were paralyzed by fear, uncertainty and doubt related to cybersecurity’s best practices, including tools, staffing, and processes. They needed help and they trusted LCRA to guide them to a place of confidence. 

For LCRA, Cybersecurity will always be an area augmented with smart folks using tools and processes that are battle-tested. Since LCRA owns critical infrastructure (power lines, substations, and dams), cybersecurity is and will always be a top priority for the organization. During my time with the LCRA, I was impressed by the depth of knowledge of the Cybersecurity team. 

• How would this knowledge be used for the good of Central Texas cities? 
• How could we help educate overworked city staff on cybersecurity opportunities and challenges? 

Sensing opportunity and a pressing need to help, the LCRA Cybersecurity Summit was born. 

At the event, cyber gurus from state and federal agencies presented the data security threats they face every day. Most importantly, they shared the cyber aware proactive posture all must embody in order to keep assets and information safe and resilient. Available resources were discussed to help Texas cities put cybersecurity and governance plans in place that wouldn’t interrupt their ability to serve their customers. 

Within the 1st hour, we observed an event that was alive with energy. The sessions were packed. The presenters were overwhelmed with questions at the conclusion of every presentation and discussion. This, however, was not the most important aspect of the cybersecurity summit. The most valuable parts of the event were the discussions in the hallways and tables before and after each presentation. During this time, the staff and elected officials for Central Texas cities shared what was working and not working when it came to cybersecurity. 

I had a chance to participate in a number of these side discussions and was amazed that nearly all the cities faced the same challenges — challenges that may have never been voiced if LCRA did not ‘get out of the building’ and listen to the market they serve. 

• How do you keep track of and monitor the ever-changing list of standards, regulations and governance mandates? 
• What does a cybersecurity staff look like? And how many folks are you planning on bringing in over the next few years? 
• What skills should you be considering when hiring cybersecurity experts? 
• Our systems got breached last year and it cost us dearly. How can I ensure that something like this doesn’t happen again? 

Through the active discussions over the course of two cybersecurity summits, LCRA customers felt more informed and poised to proactively monitor and respond to cybersecurity incidents. Getting out of the building has HUGE upside.