State Treasurer Candidate Erin McClelland outlined what steps she will take if elected to address the growing cybersecurity threat in Pennsylvania with the recent attacks on our public cybersecurity assets.
McClelland, of Allegheny County, is calling for the creation of a Pennsylvania Cybersecurity Leadership Collaborative.“As state Treasurer, I will lead the development of a comprehensive, high-velocity network to protect our critical infrastructure and the taxpayers’ dollars,” said McClelland.
This group would be facilitated by the Treasurer’s Office and would include industry experts in a number of related fields, including banking and technology. McClelland feels it also would be well-served to have working relationships with the many other government agencies who are actively involved in cyber-security mitigation.
According to IBM, an average company spends 197 days to identify and 69 days to contain a security breach. But it takes an attacker an average of only 9.5 hours to successfully access the target network (Yoo, 2021).
McClelland, one of two Democrats who will be on the April 23 Primary Election ballot to face Incumbent Republican Stacy Garrity, stated her belief that: “the state legislature is ill-equipped to effect the level of change necessary to build a statewide structure possessing the velocity, integrity and accuracy necessary to reach a level of effectiveness. This process must be facilitated at an executive level, ideally by the state Treasurer.”
She continued, “To tackle an issue this big, for which we already have a significant disadvantage, we must implement a state-wide, high-velocity organizational structure if we are to have a chance of catching up. Each day we approach cyber threats with the sluggish and bureaucratic motions that the legislature enacts, our enemies gain exponential amounts of ground.”
“There is a tremendous focus from policy-makers on the money required for this effort, which is extremely important. But, effectiveness and success will come down to the process we implement, the time we accumulate against our attackers, and ultimately the amount of value we capture for our dollars,” added McClelland.
McClelland says the entire chain of a cybersecurity attack is very similar to any other supply chain in key performance indicators of time, such as the calculated time to detect, fail, respond, and next occurrence.
“The severely lopsided measurements of these indicators give a significant advantage to the attacker making time the root cause of the problem we are trying to solve,” said McClelland.
McClelland said she believes The National Association of State Treasurers (NAST) is in agreement with her approach that it should be the Treasurer leading the Commonwealth’s cybersecurity infrastructure development.
From the NAST website: “State Treasurers serve as the chief financial officers, bankers, and money managers of their respective states by safeguarding public funds and providing a wide range of financial management services to their constituents; and while their specific roles and responsibilities may vary, all State Treasurers play a critical role in overseeing the assets, investments, and overall fiscal well-being of their state. State Treasurers invest and manage over $3 trillion in state funds, which often include employee pension programs. State data, funds, and other assets must be safeguarded from cybersecurity attacks and other similar threats.”
McClelland says we must create a culture that prioritizes safety across Pennsylvania. She is the only candidate for state Treasurer openly talking about the dangerous cybersecurity threats that face us.
“It is the duty of NAST to support efforts, which may include cross-functional and multi-agency partnerships, at all levels of government and across the public and private sectors, to effectively mitigate the risks of cybersecurity threats, vulnerabilities, and the resulting impact on systems serving the public,” McClelland added.
McClelland addressed barriers facing cybersecurity threat mitigation: “Government entities in the U.S. do not operationalize an intrinsic value for safety. The third leading cause of death in this country is medical error, and has been for years. There were more mass shootings than there were days in 2023. These are preventable deaths which we as a society tolerate as policy-makers do nothing to stop them. So, it is of no surprise that although cyber-attacks have been increasing, there has been little done to address them.”
“Shifting this organizational culture is a psychological process that requires diligent leadership through a designated single point of accountability (SPA) who must be trained to guide the culture shift,” said McClelland, who was a Process Improvement Manager at the Institute for Research, Education and Training in Addiction (IRETA) training under a former U.S. Treasury Secretary.
“Daily action item checklists, a real-time root cause problem solving approach, and a shared learning component to get all partnering agencies and entities on the same page, sharing their institutional knowledge are just a few of the components that generate a value for safety. Building this value then encourages workers and elected officials to prioritize safety issues, react meaningfully, and strive toward eliminating the cause of any unsafe conditions, including cyber threats,” said McClelland.
Learn more about Erin McClelland’s campaign for State Treasurer at ErinMcClelland.com. For media inquiries, please contact (570) 980-3096 or email ErinMcClellandforPA@gmail.com.