What local governments can do to build better cybersecurity

Ensuring the funding of proper cybersecurity and other cyber-related projects has long been a challenge in the public sector. There are few incentives to invest in cyber because it’s not easy to boast about to constituents as the threats it protects against are nebulous and often unseen.

However, the recent SolarWinds, Microsoft Exchange and Colonial Pipeline attacks show that this mindset can hurt us. These attacks have been expensive, public reminders that making security an afterthought is impractical—it’s too dangerous, costly and unpredictable.

The recently passed American Rescue Plan recognized the danger of this mindset and earmarked $350 billion in flexible aid to state and local governments, giving them great autonomy to use these funds to best serve their needs.

What my conversations with local governments reveal is that the tide may be turning. These organizations are investing holistically in infrastructure. Their plans for building hospitals and roads, deploying aid to small businesses and other impacted constituents, and rolling out vaccines, have one thing that ties them all together: cybersecurity.

The sauce, not the garnish

In the highly centralized network architecture that many governments have traditionally run, security was often seen as a garnish—something that was nice to have but not integral to completing the dish.

That approach is no longer feasible. Advancements in cloud-based applications and services, the proliferation of IoT and other connected devices, and the onset of the pandemic and remote work elevated the importance of security. Suddenly, hundreds or even thousands of devices were connecting to the network, many from outside the network itself and its centralized suite of security tools, revealing new avenues of vulnerability that bad actors could exploit.

What’s more, the data these devices are working with is increasingly important—and valuable. From cameras collecting traffic data to hospitals electronically recording patient data to the online education systems that protect student data, local governments are collecting, transmitting, storing and analyzing vast amounts of personal information about their constituents.

Bad actors know this. In fact, a recent survey found that 84 percent of government organizations in the United States saw one or more cloud networking attacks in the past year. Increasingly, government organizations are finding that they need to do more than just secure devices, they need to be vigilant wherever the data is. And increasingly, the data is everywhere.

To read the complete article, visit American City & County.