State and local governments have increasingly become attractive targets for cybercriminals because of the immense amount of sensitive data they store. And while legislation has been passed to provide state and local entities with better cybersecurity protections, many still find themselves vulnerable to attack.
This past May, for example, millions of residents in Louisiana and Oregon with state-issued driver’s licenses, IDs, or car registrations had their data exposed as part of the ongoing MOVEit data breach.
Separately, Dallas is still recovering from a ransomware attack that disrupted several city departments earlier this year, which at one point forced first responders to use radios, pens, and paper to address and keep track of emergency calls. And Oakland, California, was hit with a lawsuit in the wake of a ransomware attack when over 600 gigabytes of personal data of current and former city workers was stolen and leaked.
These events are causing more and more state and local governments to reassess their cybersecurity programs. From coordinating more closely with their federal counterparts to investing in new technologies and tools, local public-sector entities have come to recognize the importance of fortifying their defenses.
How states are fighting back
In the last year, 24 states enacted over 40 bills around cybersecurity legislation. Their efforts include having incident response plans in place and providing funding for cybersecurity programs and practices in state agencies, local governments, and schools.
California is in the midst of implementing a multi-year cybersecurity roadmap called Cal-Secure. Built on industry-leading best practices and frameworks, Cal-Secure defines a path for state entities to strengthen their cybersecurity measures so they can continue to operate without interruption. New York announced something similar, debuting its first-ever cybersecurity strategy early last week. The strategy focuses on five key areas for improvement, including modernizing the state’s current security technology and growing its cybersecurity workforce.
North Carolina became the first state banning government entities (like cities, counties, local schools, and the University of North Carolina) from paying ransoms connected to cyber attacks. Administrators and cybersecurity specialists are restricted from even communicating with ransomware groups when an attack occurs. Florida later passed its own law prohibiting its government entities from paying ransoms.
But throughout all of these efforts, state and local entities are adamant about the need for continued federal support. While cybersecurity at the federal level may differ from a state and local level, collaboration is key to implementing new tools and security measures.
The role of the federal government in state and local cybersecurity
Budget constraints are something state and local governments have always contended with. Investing in new technology, processes, and more to meet modern cybersecurity standards can be challenging.
The good news is that now, through the Department of Homeland Security’s first-of-its-kind cybersecurity grant program, state, local, and territorial governments are receiving $1 billion in funding to build up their cyber defenses.
This is an important step to protect the public sector’s immense attack surface. On the local level alone, there are over 90,000 governments — and that doesn’t include state governments, tribal governments, or territorial entities like county offices and police departments.
The federal government has tried to lend its support in other ways as well. Most notably, by implementing new cybersecurity regulations and laws. The National Cybersecurity Strategy’s implementation plan includes 65 initiatives to be completed over the next three years. One of those initiatives specifically includes “supporting state, local, tribal, and territorial (SLTT) governments on ransomware defense.”
But even with the right amount of funding and regulation, implementing effective security measures can’t be done without first understanding what’s happening in the IT environment.
The missing piece
State and local agencies are increasingly turning to cybersecurity asset management to improve their security posture.
By connecting to hundreds of security and management solutions, cybersecurity asset management tools allow agencies to achieve a single system of record for all infrastructure. For example, the City of Los Angeles uses Axonius to gain a complete, up-to-date asset inventory, helping them enhance visibility into their endpoints and attack surface.
According to Tim Lee, CISO for the City of Los Angeles, “"When you’re talking about attack surface management, the key element is good asset management. You’ve got to have a good inventory of what you have. You’ve got to know what you are protecting."
Building an effective defense against cyber threats starts with a solid foundation. Once an accurate, comprehensive asset inventory is in place, IT and security teams can then effectively enhance areas like incident response and vulnerability management as well as focus their attention on scaling their cybersecurity programs.