Protecting Local Government Agencies with a Whole-of-State Cybersecurity Approach
Facing frequent and aggressive cyberattacks, local governments often struggle to defend themselves due to a lack of tools and resources. But it doesn’t have to be this way. With a whole-of-state approach, local governments can pool resources and boost their defenses, reducing cyber risk via improved threat visibility, cyber hygiene and incident response. Read on to learn more about the benefits of a whole-of-state approach.
There’s no question that state, local, tribal and territorial (SLTT) governments are getting bombarded with cyber attacks. According to the Multi-State Information Sharing and Analysis Center (MS-ISAC), SLTT governments experienced more than 2,800 ransomware incidents from January 2017 through March 2021. In fact, according to a recent report by Sophos in 2021, 58% of state and local government organizations were hit by ransomware.
Too often these attacks succeed because local government agencies lack the tools and resources to adequately defend themselves. Fortunately, they don’t have to do it on their own. Another approach is emerging that allows SLTTs to pool their resources together to navigate the complex landscape. In fact, it’s already been implemented by a number of SLTTs.
Building a whole-of-state approach
A “whole-of-state” approach enables state-wide collaboration to improve the cybersecurity posture of all stakeholders. It allows state governments to share resources to support cybersecurity programs for local government entities, educational institutions and other organizations. Shared resources increase the level of defense for SLTTs both individually and as a community and reduces duplication of work and effort. States get real-time visibility into all threats and deploy a standard strategy and toolset to improve cyber hygiene, accelerate incident response and reduce statewide risk.
The Center for Internet Security (CIS) describes key reasons why the whole-of-state approach to cybersecurity is paramount, including shared cyber risk, economies of scale, reduced cost, streamlined visibility and knowledge sharing.
Whole-of-state cybersecurity recognizes that SLTT government organizations have a wide range of interconnected assets and systems. An attack on one part of the system can affect any or all of the others, compromising the security of the entire state. Simultaneously, the cybersecurity threat landscape only continues to grow – a Deep Instinct report found that compared to 2019, malware attacks increased by 358% and ransomware increased by 435% in 2021. For this reason, a coordinated and collaborative effort is recommended to secure the entire system.
How Tenable technologies facilitate a whole-of-state strategy approach
Developing an effective whole-of-state strategy starts with visibility. As the saying goes: "You can't protect what you can't see.” At Tenable, we offer full visibility, across municipalities, into all assets and exposures to minimize cybersecurity risk throughout the state. Additionally, our technologies help to streamline cybersecurity processes, optimize resource allocation and reduce budgets by prioritizing the vulnerabilities posing the greatest risk to the organization.
The Tenable One Exposure Management Platform helps agencies gain a unified visibility across the modern attack surface, focus efforts to prevent likely attacks and accurately communicate cyber risk to support optimal business performance. The platform combines the broadest vulnerability coverage spanning IT assets, cloud resources, containers, web apps and identity systems, builds on the speed and breadth of vulnerability coverage from Tenable Research, and adds comprehensive analytics to prioritize actions and communicate cyber risk.
In addition to Tenable One, Tenable OT Security provides industrial and critical infrastructure security, ensuring you have full visibility into your converged IT/OT environment.
We have partnered with CIS, which makes foundational cybersecurity more affordable and accessible for members of the Multi-State Information Sharing and Analysis Center (MS-ISAC). Our solutions are the only comprehensive risk-based vulnerability management offerings available in the CIS CyberMarket.
Tenable has successfully deployed vulnerability management solutions for SLTT entities nationwide. Each is unique, but they all provide security professionals with a view of their ever-expanding attack surface. Tenable has a history of partnering with SLTTs to provide customized solutions and delivery approaches that meet their specific needs and will grow with your agency as needs change and the landscape evolves.
Use SLCGP funding to further whole-of-state cybersecurity efforts
Don’t forget, funding for SLTTs in the U.S. is available through the State and Local Cybersecurity Grant Program. The program is well under way, with 10 states having already received their FY 2022 funding and another 38 states expected to submit their required cybersecurity plans and receive their funding later this year. The Cybersecurity and Infrastructure Security Agency (CISA) is expected to release the FY 2023 Notice of Funding Opportunity (NOFO) within the next few months, providing an additional $370-$400 million of the SLCGP funding to states.
Learn more
- Visit the Tenable State and Local Cybersecurity Grant Program (SLCGP) Webpage
- To learn more about our whole-of-state approach read this whitepaper
Related Articles
- IT/OT
- Exposure Management
- Government
- OT Security