State cybersecurity leaders have their work cut out for them—and nowhere near enough cash to do it, according to a recent report by Deloitte and the National Association of State Chief Information Officers (NASCIO).

While every state now has a chief information security officer, and the survey found 98% have some formal authority, 40% of responding representatives for those CISO’s offices reported that they did not have the budgetary resources “to keep assets and citizens safe.” They also reported limited visibility into their own funding, with 48% saying they couldn’t “readily attribute from available financial data how much of their states’ IT budget is allocated to cybersecurity,” according to Deloitte.

Deloitte also found just 6% of CISOs said they have an allocation of 10% or more of their state’s overall funding for IT functions, though 10% tends to be the baseline for federal agencies’ cybersecurity spend. Four CISOs reported not even having a dedicated budget.

While some reported tapping the State and Local Cybersecurity Grant Program, a federal grant initiative, the CISOs broadly said it wasn’t enough to offset lack of funding elsewhere. One pointedly told Deloitte that the money wasn’t enough to secure aging water and wastewater facilities, which federal agencies have repeatedly warned are susceptible to cyberattacks.

Read the rest here.—TM

Internet Archive, one of the web’s most beloved digital library websites, has been the target of multiple cyberattacks that compromised the information of 31 million users.

The series of unfortunate events for the nonprofit began on Oct. 8 when Internet Archive founder and Digital Librarian Brewster Kahle took to X, formerly known as Twitter, to reveal that the website was the target of a distributed denial-of-service (DDoS) attack and that it was working to restore services.

Kahle later that day announced in a post that the attackers, which he dubbed “library lovers,” had “gone away.” However, the following day he disclosed via X that the attacker repeated the DDoS attack on the website. According to The Verge, users who attempted to access the website that day were greeted with the following alert:

“Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP [Have I Been Pwned]!”

Read more here.—BM

The US’s lead treaty negotiator on a controversial international cybercrime agreement said it would be a mistake not to sign, according to The Record.

Ambassador Deborah McCarthy, who has taken point for the US on the United Nations General Assembly’s Ad Hoc Committee on Cybercrime, urged the Biden administration not to change course on the treaty, which the committee unanimously approved in August 2024. Recent reports have indicated the White House is reluctant to sign on the grounds that foreign adversaries like China and Russia could point to provisions in the treaty as pretext for mass surveillance.

“It would be unheard of for us to pull out of consensus after we led the system and joined,” McCarthy told attendees at an event for the Center for Strategic and International Studies on Oct. 4. “There’d be huge disappointment if all of us in the US were to say, ‘You know, we’re not part of this.’ And I think that would drive a big wedge at the UN.”

McCarthy referred to an upcoming vote on the treaty as “pretty much pro forma,” The Record reported, adding her team’s inquiries of other democratic countries have found no opposition to its passage.

Keep reading here.—TM