Skip to content

Why Is Security So Difficult? (As Well as What State and Local Agencies Can Do)

16 Essential Apps for Ironclad Online Privacy | PCMag

It all usually comes down to protecting your people, assets, and data when it comes to security.

Everything sounds so straightforward when you put it in those terms. However, when seen from the standpoint of state and local governments, things become more complicated.

A Wide Selection of Cybersecurity Products

For example, how many software products are included in the three categories mentioned above (people, assets, and data)? Nearly half of state and local government IT leaders say they use separate products to protect their assets, which range from laptops to mobile devices to servers on-premise in the data center and in the cloud, as well as the plethora of products used to control who can access the systems, applications, and data that power government services to citizens. This is true even for smaller municipalities and county governments. The large number of software packages handling security is understandable given the various teams involved in enterprise security.

A Lack of Skilled Staff

Next, consider how many personnel in those state and municipal governments have as their primary and sole task controlling the organization’s security. Security management can range from responding to security problems to teaching people within the government to implementing and managing the numerous software solutions that handle security. Many of the larger state governments may have as many as five to fifteen people with security duties. However, many of the smaller local municipal and county administrations may have two or three. Security specialists typically have several job possibilities, and there aren’t enough skilled experts to go around.

Budgets are tight, but prospective funding under the IIJA may provide some help

State and municipal government budgets are constrained, particularly in smaller cities and counties. There is never enough money to do all of the necessary tasks. Taken together, the sheer number of security products, a scarcity of well-qualified professionals, and insufficient security expenditures pose substantial hazards to the local government organization.

Enter the Bipartisan Infrastructure, Investment, and Jobs Act (IIJA), which was signed into law by President Biden in November 2021. The IIJA’s State and Local Cybersecurity Grant Program gives $1 billion in grant funds to state, local, and tribal governments to address cybersecurity risks and threats to information systems. While the money will flow through the states, the majority of it must go to local governments, according to the rules. The Notice of Financial Opportunity (NOFO) has not yet been published, although it is scheduled to be released sometime in the summer of 2022. While this may appear to be a windfall for local governments and Tribes, keep in mind that the United States has roughly 90,000 local government units. If the funds are allocated equally among them, each would receive approximately $11,000 – hardly much money to defend people, assets, and data from security concerns.

How to Plan Your Cybersecurity Strategy for IIJA Payment

What can a state, city, or local government do to protect its organization from increasingly complex cyber-attacks and to prepare for the IIJA’s release of funds? A plan is always the first step. When you’re dealing with several software products, multiple teams, and limited employees, creating a plan may seem overwhelming. However, there are numerous businesses and government websites that can assist, or smaller cities and counties can look to the state for their plan. Though it may appear to be Security 101, having a cybersecurity strategy and roadmap is one of the top five most important projects across governments, cities, and counties.

A cybersecurity plan is also necessary to prepare for the IIJA’s release of funds so that you can apply for your fair share as soon as the NOFO is issued. When applying for the grant, the following factors must be considered:

  • Every funding application must contain a security plan.
  • Understand your existing cybersecurity posture in relation to nationally recognized cybersecurity frameworks such as the NIST Cybersecurity Framework. This approach does not recommend specific technology for use, instead of focusing on outcomes.
  • Focus on areas where governments may strengthen important and critical services, such as emergency IT systems, electoral systems, water utilities, or anything else that could generate headlines if it was compromised.
  • Make use of a Zero Trust architecture and mature implementation.

It is not easy to protect your people, assets, and data, but it is the foundation of trust that all government services must deliver to people.

 


Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.

For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com