Where local governments must allocate federal funds to support the future of cybersecurity
This past February, the Department of Homeland Security’s State and Local Cybersecurity Grant Program began to distribute funds to states with approved cybersecurity plans. For budget- and resource-strapped state, local and territorial governments (SLTGs), these grants enable crucial cybersecurity investments to protect our nation from unprecedented cybersecurity risks and help bridge the gap between current funding and security needs.
Even with the additional funding provided by these grants, SLTGs will need to use the money wisely to optimize state and local government protections, beginning with data security reviews, consolidation of security and development tools and the enablement of rapid modernization.
Data security review
To determine gaps and potential vulnerabilities, and update administration policies, agency leaders should conduct a data security review to inform an effective security plan. The goal is to make sure there is a security policy that is enforceable and actionable to protect platforms, applications and the data they access. Begin with a role-based permissions review to ensure awareness of what users can do and when and where they can do it.
Next, verify what data can be accessed and determine whether it is reached through an application or directly. Then locate the connection and ensure it is encrypted. A common challenge when maintaining complete awareness of software security is understanding the vulnerabilities introduced throughout the entire software supply chain, including open-source code.
Local government IT leaders must also ensure administration policies are up to date and confirm which administrators have system access, then review the installation of platforms and implement proper installation, patching and version policy. Any applications should be subject to a security policy indicating a reasonable maximum time frame for adopting major releases, minor revisions and security patches.
Consolidate security and development tools
State and local governments have limited IT budgets, but are tasked with a wide range of priorities, with modernization and security among the most important. Utilizing DevSecOps is one way to address both priorities, making it essential to weave into state security plans.
DevSecOps combines development, security and operations, in turn optimizing delivery and maintenance of software while ensuring security at every step of the development process. The approach allows developers to release code notably faster than traditional methods, so modern systems are more rapidly and securely delivered to constituents.
To read the complete article, visit American City & County.