Maksim Kabakou -

Why a unified local government security program is crucial

When considering a local government cybersecurity program, companies must understand the dangers of not having one. Matt Pascucci explains why a program designed to monitor the public sector is crucial.

Over the past few years, I've spoken to many state, municipality and other public sector professionals regarding cybersecurity, local government security and the risks they're up against on a daily basis. The concern regarding security within this sector shouldn't come as a surprise, as this industry is running our governments -- both state and local -- infrastructure, education, elections, transit, hospitals, electrical grids and transportation.

An attack on services offered by the public sector is a direct attack on the citizens utilizing and relying on them to function. Likewise, assaults on these services can have a direct effect on the quality of life of those within the radius of the disruption, as well as the local government security. These resources need to be defended to protect the public, but how can this be done effectively and repeatedly across the country?

With every state, county and community tackling the issue of cybersecurity and local government security differently, it's important to determine what's working and how to cooperate to accomplish security goals. One of the biggest concerns is being able to monitor, detect and respond to threat actors when they're actively infiltrating networks.

Historically, many of these organizations, especially at the local level, have been met with resistance when it comes to budgeting and receiving funds for cybersecurity. Incorporating cybersecurity into an organization is more than just acquiring tools; it's the people, processes and technologies working in tandem that makes the difference.

When these organizations are receiving limited funds, it becomes difficult to not only purchase solutions to reduce cyber-risk, but it's even harder to add additional employees to manage the program -- especially from a 24/7, year-round perspective. Due to the criticality of the systems within the public sector and a lack of resources to be as proactive as they'd like, we've seen many governmental agencies recommend or take unique approaches to reduce their pain.

One area in which we've seen movement recently is law enforcement and military agencies stepping in or being asked to be more proactive by creating cyber task forces within many local and state agencies. The National Guard and military reserve communities are ramping up security efforts, as well, but more oversight is needed.

Local governmental agencies need a way to work with established communities to assist with blue team and incident response efforts nationally and locally. The question of budget will always arise, but there is a dire need for a program designed to specially monitor our public sector systems.

Citizens have a right to privacy, health and quality of life, so government and public sector agencies need to be proactive about creating repeatable programs across the country. Does this mean incentives should be installed for a multistate monitoring program?

One option might be having a state-funded security operations center (SOC) that works like a managed security service provider (MSSP) that is governed to reduce the mean time to detect and mean time to repair in our state and local organizations. We need to be more proactive when it comes to monitoring for threats and attacks in the public sector in terms of local government security.

Another option could be setting up a basic logging and event management system monitored by the state with the option to add additional features if the municipality or county can afford it. I think we need to have a state-based monitoring task force dedicated to monitoring within jurisdictions with information sharing across states to combat threats across the country. This is all possible today. These are questions that need to be answered and could change based on location.

To achieve this, public sector organizations can configure open source technology to reduce costs, can implement technology in a multi-tenant environment to keep data separate when needed, can build a dedicated SOC with 24/7 monitoring or can develop runbooks for each department. There are MSSPs building out similar infrastructures now, so why isn't this being done at a state or local level?

There is a desperate desire for this type of service in the public sector. The local cybersecurity community and the law and decision-makers of our local and state governments need to start making these changes. This is not just about decision-makers not budgeting properly, it's about an understanding of risk and the dangers of not prioritizing cybersecurity.

This is not just about decision-makers not budgeting properly, it's about an understanding of risk and the dangers of not prioritizing cybersecurity.

A few examples of state and nonprofit organizations looking to fill these cybersecurity gaps are the Center for Internet Security (CIS) Albert service and Michigan's Cyber Civilian Corps (MiC3).

The CIS Albert service offers open source networking tools to organizations eligible for Multi-State Information Sharing and Analysis Center tools within the public sector. These tools include a cost-effective method for continuous monitoring from a network security perspective.

MiC3 is a trained group of cybersecurity experts who volunteer to provide expert assistance to the state of Michigan to resolve and investigate cybersecurity issues when the governor declares a state of emergency. The volunteers within MiC3 are residents of Michigan who have backgrounds in information security, hold incident response certifications, are subject to background checks and are willing to volunteer their time.

It's forward-thinking groups like these that have filled the public sector security void. The CIS Albert service offers the open source tools needed for continuous monitoring, while MiC3 offers boots on the ground, trains incident responders, and has civilians with relevant backgrounds and a desire to protect the state.

More groups need to follow the lead of CIS and MiC3 and begin educating our lawmakers and local community organizers to make the protection of communities, counties and states a priority. We all want to make things safer, especially when there's a glaring need within cybersecurity -- let's work together to educate those who have the influence and control to make this a reality.

Dig Deeper on Security operations and management

Enterprise Desktop
Cloud Computing