In November 2021, federal lawmakers approved dedicated funding for state and local government cybersecurity efforts. The new State and Local Cybersecurity Grant Program 鈥 included in the massive Infrastructure Investment and Jobs Act 鈥 provides $1 billion for cybersecurity improvements over four years. Then, in March of this year, President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 as part of the Consolidated Appropriations Act of 2022. Taken together, these laws point toward significant changes in the nation鈥檚 historically decentralized approach to cybersecurity. New cybersecurity legislation is being driven by a threat environment that seemingly grows more menacing by the day. It鈥檚 likely that state and local agencies will receive additional federal cybersecurity support going forward, along with greater federal oversight. Learn how your agency or municipality can take full advantage of the increased funding to protect against increasing challenges in 探花视频鈥檚 Innovation in Government庐 report.
Navigating Security in a Fast-Changing Environment
鈥淭hreat actors are constantly devising new attacks and methodologies, so organizations must stay on top of trends and constantly evolve how they build and secure their software supply chain. It isn鈥檛 a 鈥榮et it once and you鈥檙e good鈥 kind of thing. President Biden鈥檚 executive order on improving the nation鈥檚 cybersecurity and some bills going through Congress will help address some of the issues. Among many things, the executive order mandates service providers disclose security incidents or attacks. It鈥檚 also important to establish a community where security professionals across the nation can exchange security and threat information. You don鈥檛 want to solve these things in a vacuum. We鈥檙e stronger as a community than as individual organizations.鈥
Read more insights from SolarWinds鈥 Group Vice President of Product, Brandon Shopp.
User Identities in a Zero-Trust World
鈥淪tate and local governments 鈥 which have become top targets of phishing, data breaches and ransomware attacks 鈥 must be able to prevent cybercriminals from accessing all endpoints, including those associated with a distributed workforce. Prior to the pandemic, employees primarily accessed databases, applications and constituent data from within the secured network perimeter of an office. Now users are connecting from their home networks or unknown networks 鈥 even cafes 鈥 that don’t have the security protections that exist within a physical office. That heightens the need for Zero Trust, which has 鈥榥ever trust, always verify鈥 as a main tenet.鈥
Read more insights from Keeper Security鈥檚 Director of Public Sector Marketing, Hanna Wong.
Secure Collaboration for the Work-from-Anywhere Future
鈥淭he first step is to look at your content governance model. What does that content life cycle look like from ingestion or creation to consumption and archive? Compliance must be part of that entire process. Then, it comes down to your platform and tools. Are you selecting a platform like Box, where your entire content repository is unified and ensures compliance from the point of entry to the point of disposition 鈥 all while offering a seamless user experience? Or are you signing up for a disparate and disconnected strategy where you are now responsible for tracking and making sure that different data sources are compliant? Content fragmentation, even in the cloud, can introduce unnecessary exposure and a compliance risk.鈥
Read more insights from Box鈥檚 Managing Director for State and Local Government, Murtaza Masood.
What High-Performing Security Organizations Do Differently
鈥淪tate and local governments are still trying to get a handle on remote access. At the beginning of COVID, most agencies didn鈥檛 have a 1:1 ratio of devices to send home with people, so they were forced overnight into a bring-your-own-device support model and virtual desktop infrastructure (VDI) implementation. In many cases, the VDI implementation wasn鈥檛 very secure, nor was it optimal. Now agencies are asking how secure their setup is, and they have to go backward to address that, which can cause some real challenges.鈥
Read more insights from HPE鈥檚 Master Technologist in the Company鈥檚 Office of North America CTO, Joe Vidal, and Server Security and Management Solutions Business Manager, Allen Whipple.
Download the full Innovation in Government庐 report for more insights from these cybersecurity thought leaders and additional industry research from GovTech.
