In recent years, there has been a noticeable increase in cyberattacks against government organizations, from small towns and major cities to the federal government. In fact, there were 17 million leaked government records in Q1 2020 – a 278 percent rise compared to Q1 2019. Furthermore, the share of cyberattacks targeting states’ critical infrastructure increased from 20 percent to 40 percent of all attacks detected by Microsoft between July 2021 and June 2022. These figures paint a stark picture, and the unfortunate reality is that this issue isn’t going away anytime soon.
Government entities across the spectrum are prime targets based on the trove of data under their purview, such as personally identifiable information, financial records, critical infrastructure data, and beyond. The reason they are susceptible is as obvious as it is concerning. Many public agencies lack the staffing/expertise, tools, and resources to mount an effective defense against today’s sophisticated and aggressive cyber attackers and nation states.
The current state of cybersecurity across many public institutions reflects common limitations that hinder efforts to mount an effective defense. A lack of coordination, visibility, and governance – combined with ineffective implementation and validation of systems/software – runs rampant. These deficiencies can result in protection gaps, slower response to security incidents, and tools that don’t integrate properly, which in turn causes inefficiencies and escalates costs.
With a seemingly unending list of advanced threats that ultimately places constituents at risk, a time-tested framework is being applied to face the demands of cybersecurity head-on. This approach encourages and facilitates information sharing that serves the greater good in the face of pervasive digital threats.
Power in Numbers
Because of the unique and monumental cybersecurity challenges public-sector organizations face, a “Whole-of-State” (WOS) approach is being applied on a broader scale to encourage collaboration and the tearing down of traditional organizational silos with hopes of staying ahead of aggressive attack campaigns.
The philosophy behind WOS is simple: There is power in numbers. Even the largest of private enterprises are vexed by the unrelenting pitfalls of the current cybersecurity landscape. This reality reinforces the significant disadvantage public organizations face considering the limitation of personnel, resources, and funding. Working together to share a common baseline of data for threat intel and incident response yields invaluable, actionable information to improve security.
With so many threats and so many targets, it is extremely difficult to maintain a seamless security profile. The success of WOS lies in pooling resources across an organization to take advantage of the economy of scale that is produced when forces are combined. In the case of cybersecurity, WOS can unite policy, funding, and support processes to create efficiencies and streamline efforts. Examples include:
Information Sharing – Partnering with more than 13,000 U.S. State, Local, Tribal, and Territorial (SLTT) government organizations, the Multi-State Information Sharing and Analysis Center (MS-ISAC) provides its membership with incident response and remediation support, intel, and advisories to improve cyber maturity.
Incident Response – Regional security operations centers (SOCs), cyber reservists, the National Guard, and state “fusion” centers can be leveraged to supplement internal resources to identify and mitigate threats on a greater scale.
Workforce Deployment – To address the cybersecurity skills gap, K-12 and higher education programs and internships help cultivate the next generation of cyber talent. Other resources such as virtual CISOs can provide seasoned leadership to implement sound security strategy.
Standardized Tools – Interoperability that doesn’t compromise business performance is key to managing the disparate data collected across WOS environments. Training and seamless technology platforms are essential to ensure processes are streamlined.
WOS in Action
The collective “power in numbers” approach can help entities with smaller budgets benefit from shared threat information along with the tools to respond in kind. Several states have already implemented successful programs that are yielding impressive results:
Arizona – Established a statewide cyber command fusion center after years of planning. The state’s CISO now leads the Arizona Department of Homeland Security, reporting directly to the governor, and the office manages cybersecurity for every state agency, city, county, K-12, and tribe in the state.
Pennsylvania – The Pennsylvania Information Sharing and Analysis Center (PA-ISAC) addresses cybersecurity readiness and critical infrastructure coordination. Membership is open to elected and administrative officials of each city, town, village, township, county, and other government jurisdictions.
Texas – The Texas Department of Information Resources (DIR) is partnering with Angelo State University to operate the pilot phase of the Regional Security Operations Center (RSOC) to provide Texas local governments with cybersecurity support, including real-time network monitoring to detect and respond to network threats.
New York – Cities including New York City, Albany, and Buffalo united to launch the Joint Security Operations Center (JSOC) to strengthen cybersecurity statewide. Headquartered in Brooklyn, it is a first-of-a-kind approach to coordinate efforts across city, state, and federal entities.
Not to be outdone, the federal government is leading by example by improving the quality of threat intelligence fed to each state, and better threat intel leads to an improved security posture across the board. IT teams can also automate responses based on this intel. For instance, alert systems can be integrated directly into firewalls to provide instant protection by blocking flagged addresses. These best practices are beginning to take hold across the public sector, but more work needs to be done.
It’s clear that WOS can be an effective strategy to do more with less and alleviate some of the strain from the never-ending drumbeat of cybersecurity incidents that cripple organizations, whether they’re public or private, large or small. Fostering a collaborative environment that encourages constructive dialogue through ongoing information sharing will be key to keeping pace with the relentless parade of threat actors who wish to do us harm. WOS has been proven to help mount a proper defense to thwart disruptive cyberattacks and will hopefully continue to take root nationwide while serving as an example on a global basis.