Langevin takes aim at technical debt as roadblock to better security

Rep. Jim Langevin, D-R.I., said state and local governments need to pursue IT modernization to reduce their cybersecurity risks.
jim langevin
Rep. Jim Langevin, D-R.I., gives opening remarks at a hearing on the 2021 Colonial Pipeline ransomware attack. (Anna Moneymaker / Getty Images)

One of Congress’ top voices on cybersecurity attributed state, local and education-sector cybersecurity troubles to aging technology that leaves governments and schools more vulnerable to attacks.

Speaking Tuesday during the Cybersecurity Modernization Summit hosted by StateScoop and EdScoop, Rep. Jim Langevin, D-R.I., said officials at all levels should be more concerned with modernizing their systems to defend against persistent and emerging cyber threats.

“For many state and local governments, schools, institutions of higher education, the problem is often compounded by the prevalence of legacy IT throughout their networks,” said Langevin, a co-founder of the Congressional Cybersecurity Caucus. “As this technical debt is carried forward, their information systems and the services that rely on those systems will become more and more susceptible to cyber-enabled disruptions. That should be something that’s setting off alarm bells for policymakers everywhere.”

Langevin, who announced earlier this year that he won’t seek re-election after 11 terms on Capitol Hill, also noted that pandemic-era shifts to telework and virtual learning “changed the apertures of vulnerability for hackers to exploit” and that such trends have only heightened the necessity of modernization.


“A ransomware attack against a state or local government could seriously impair its day-to-day functionality and jeopardize Americans’ access to vital services such as unemployment insurance or vaccine scheduling,” he said. “Or in the case of a school or higher education intuition, a ransomware attack could seriously jeopardize that institutions ability to fulfill its academic mission.”

Langevin also said that institutions across all levels are “grappling” with the notion of shared responsibility in addressing cyber threats. In the case of state and local governments and the education sector, he said cloud service providers should play a greater role in mitigating risk.

But he also said the federal government can continue to increase its contributions. While Langevin took credit for some recent steps — including the 2021 infrastructure law’s $1 billion cybersecurity grant program and a recent $11 million boost to the Multi-State Information Sharing and Analysis Center — he said, “I wouldn’t be speaking today if the job was finished.”

One item Langevin said he plans to pursue with his remaining time in Congress is the establishment of a federal Bureau of Cyber Statistics, an agency originally suggested by the Cyberspace Solarium Commission, a policy group that drafted several major cybersecurity proposals that are now federal law. The new bureau, he said, would “collect, process, analyze and disseminate” information on cyber threats and mitigation measures.

“Ultimately, the goal is to help us better understand what’s working and what’s not,” he said. “State and local governments and institutes of higher education and local school districts would be able to take more informed steps to manage their cybersecurity risks, and the federal government would be able to more efficiently provide the resources to help them do it.”

Benjamin Freed

Written by Benjamin Freed

Benjamin Freed was the managing editor of StateScoop and EdScoop, covering cybersecurity issues affecting state and local governments across the country. He wrote extensively about ransomware, election security and the federal government’s role in assisting states and cities with information security.

Latest Podcasts