Last week we had the chance to attend the MS-ISAC Conference in Baltimore, where U.S. state, local, tribal and territorial (SLTT) government representatives and election officials all gathered to talk about all things cybersecurity.
Throughout the conference, we identified some common themes that kept coming up around the topic of cybersecurity in state and local governance. Topics included remote work, supply chain management, cloud migration, and what cybersecurity concerns these may pose. These challenges are not unique to SLTT governments, but sensitive data and legacy infrastructure are part of the reason government systems are disproportionately affected by cyberattacks, which makes the adoption of new tech and business practices like remote work or cloud harder to adopt. Here's a few things that stood out to us.
Our team loved meeting cyber and IT professionals from around the country in Baltimore!
State and local governments often do not have the IT staff necessary to build and maintain custom solutions to solve cybersecurity problems. Many SLTT governments have IT operators and staff that may have many shared responsibilities across disparate job functions. We met people with titles not traditionally associated with IT such as a practicing attorney, election officials, and even an HVAC technician. All of these people have responsibilities more associated with roles like a system administrator or systems engineer. For this reason, state and local governments will often look to trusted vendors to help build risk management frameworks or to solve complex security problems in an effort to prevent breaches or unintended access to their systems. However this opens up the possibility of software supply chain attacks, which have become more prevalent in recent years.
With the rise of cloud-native approaches and the ever increasing number of software providers, attackers are expanding their approach by targeting their attacks several degrees of separation away from their main target. The SolarWinds hack revealed that by exploiting vulnerabilities in a software used by other organizations, hackers were able to increase the outreach of their attack, affecting an estimated 18,000 of SolarWinds customers with compromised software. SLTTs need a way to ensure the third party applications they integrate with have high security standards, and that their internal system is protected against attacks up the supply chain. CIS has created a Supply Chain Security Guide to help organizations secure their software supply chain from attackers. They have published their guide to reach a wider audience, and attract a community interested in developing platform-specific benchmarks.
Most organizations are still trying to figure out what their remote policy should look like. Organizations are struggling to hire people, while workers are increasingly asking for remote/hybrid work environments. SLTTs are particularly conflicted, since having empty offices being maintained by taxpayer money looks bad to the public. Moreover, working remotely poses some managerial and security challenges that need to be addressed in order to enable workers to work remotely. How do we ensure our systems are secured against cyberattacks with employees working from different locations?
Cloud computing is not the future, it’s the present. However, many SLTT government systems still have large portions of their infrastructure on-prem. Data privacy concerns, transferring CapEx (hardware) to OpEx (cloud servers), and the need to maintain legacy systems makes it hard to use the full capabilities of new technologies such as cloud computing. Most of the organizations that we spoke to at the MS-ISAC operate in a hybrid cloud environment, with some mixture of on-prem and cloud infrastructure. The right migration strategy helps minimize misconfigurations and improve security through OS and applications in the cloud.
The number of cyberattacks is going up, and attacks take different shapes and forms. SLTTs are disproportionately affected due to legacy infrastructure, smaller IT teams, and sensitive data. On top of this, many organizations are facing hiring challenges, with employees asking for remote working environments, which add to the complexity of ensuring a secure system.
Sicura can help SLTT organizations fix misconfigurations that act as an open door to cyberattacks. Sicura will help automate the compliance and remediation process for a number of standards such as CIS Benchmarks, to ensure your system is compliant. Now, with our new partnership, you’ll get access to the CIS Benchmarks without purchasing a separate CIS Membership - it’s all in one. Get in touch to learn how Sicura can help drive security and efficiency for your team and organization.