Cyberattacks on the Federal government and industry tend to dominate headlines and the public discourse. Yet state and local governments are increasingly in the cyber crosshairs as well: 97 percent of local government IT executives listed cybersecurity as a key priority for the current fiscal year, a recent survey found.
State and local leaders can do plenty to prepare for potential attacks, said Jim Richberg, public sector chief information security officer at Fortinet. In a recent episode of MeriTalking, Richberg urged them to embrace a holistic approach that builds operational resilience into cybersecurity, taking advantage of new technologies such as artificial intelligence (AI) and following the lead of the Federal government.
The biggest priority for state and local IT officials, Richberg said, should be improving procurement. “For state and local government, the biggest challenge I encounter is effective procurement,” he said. “It’s helping people be efficient at spending the money, in part because we have a shortage in state and especially local government, of people who are not only procurement experts, but who also understand cybersecurity.”
To build operational resilience, IT leaders should start by following the approaches laid out in Federal frameworks, such as President Biden’s 2021 cybersecurity executive order and the National institute of Standards and Technology’s Cybersecurity Framework. They show, Richberg said, that the Federal government has done much to “up its game” on cyber defense.
In addition to leveraging Federal guidance, Richberg advised state and local government agencies to take advantage of technology trends, such as the growing convergence of networking and security.
“Increasingly, we’re starting to see that networking and security are two sides of the same coin,” he said. “You see that strongly in areas like software-defined networking, which is a part of everything from 5G networking for some of the biggest carriers to a whole lot of cloud solutions.” Richberg suggested that IT leaders consider an SD-WAN approach, which can dynamically move traffic over a variety of networks for the best user experience and also support zero trust security architectures.
Beyond the technology trends, Richberg said states and localities should also seek more funding for technology infrastructure projects from the Infrastructure Investment and Jobs Act (IIJA), which can boost cybersecurity. “Based on the data I’ve seen to date, he said, “not all jurisdictions are utilizing the share of (IIJA’s) state and local grant program that would go to them.”
If they take these steps, Richberg concluded, state and local leaders will not only build cybersecurity resilience that can help withstand attacks, but also build partnerships with other officials and organizations who can help.
“The other bit of advice that I give to organizations who are talking about how they want to build resilience in cybersecurity is you enlist allies,” he explained. “It’s not just about delivering technical solutions. It’s about … being a genuine part of the team in government.”
Listen to the full episode.