In November 2021, federal lawmakers approved dedicated funding for state and local government cybersecurity efforts. The new State and Local Cybersecurity Grant Program — included in the massive Infrastructure Investment and Jobs Act — provides $1 billion for cybersecurity improvements over four years. Then, in March of this year, President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 as part of the Consolidated Appropriations Act of 2022. Taken together, these laws point toward significant changes in the nation’s historically decentralized approach to cybersecurity. New cybersecurity legislation is being driven by a threat environment that seemingly grows more menacing by the day. It’s likely that state and local agencies will receive additional federal cybersecurity support going forward, along with greater federal oversight. Learn how your agency or municipality can take full advantage of the increased funding to protect against increasing challenges in Carahsoft’s Innovation in Government® report.
Navigating Security in a Fast-Changing Environment
“Threat actors are constantly devising new attacks and methodologies, so organizations must stay on top of trends and constantly evolve how they build and secure their software supply chain. It isn’t a ‘set it once and you’re good’ kind of thing. President Biden’s executive order on improving the nation’s cybersecurity and some bills going through Congress will help address some of the issues. Among many things, the executive order mandates service providers disclose security incidents or attacks. It’s also important to establish a community where security professionals across the nation can exchange security and threat information. You don’t want to solve these things in a vacuum. We’re stronger as a community than as individual organizations.”
Read more insights from SolarWinds’ Group Vice President of Product, Brandon Shopp.
User Identities in a Zero-Trust World
“State and local governments — which have become top targets of phishing, data breaches and ransomware attacks — must be able to prevent cybercriminals from accessing all endpoints, including those associated with a distributed workforce. Prior to the pandemic, employees primarily accessed databases, applications and constituent data from within the secured network perimeter of an office. Now users are connecting from their home networks or unknown networks — even cafes — that don’t have the security protections that exist within a physical office. That heightens the need for Zero Trust, which has ‘never trust, always verify’ as a main tenet.”
Read more insights from Keeper Security’s Director of Public Sector Marketing, Hanna Wong.
Secure Collaboration for the Work-from-Anywhere Future
“The first step is to look at your content governance model. What does that content life cycle look like from ingestion or creation to consumption and archive? Compliance must be part of that entire process. Then, it comes down to your platform and tools. Are you selecting a platform like Box, where your entire content repository is unified and ensures compliance from the point of entry to the point of disposition — all while offering a seamless user experience? Or are you signing up for a disparate and disconnected strategy where you are now responsible for tracking and making sure that different data sources are compliant? Content fragmentation, even in the cloud, can introduce unnecessary exposure and a compliance risk.”
Read more insights from Box’s Managing Director for State and Local Government, Murtaza Masood.
What High-Performing Security Organizations Do Differently
“State and local governments are still trying to get a handle on remote access. At the beginning of COVID, most agencies didn’t have a 1:1 ratio of devices to send home with people, so they were forced overnight into a bring-your-own-device support model and virtual desktop infrastructure (VDI) implementation. In many cases, the VDI implementation wasn’t very secure, nor was it optimal. Now agencies are asking how secure their setup is, and they have to go backward to address that, which can cause some real challenges.”
Read more insights from HPE’s Master Technologist in the Company’s Office of North America CTO, Joe Vidal, and Server Security and Management Solutions Business Manager, Allen Whipple.
Download the full Innovation in Government® report for more insights from these cybersecurity thought leaders and additional industry research from GovTech.
