4 Unexpected Ways to Strengthen State and Local Government Cybersecurity

Local government cybersecurity plans face challenges due to resource constraints, constituent needs, and decentralization. As such, security teams must identify the data, assets, and systems that are most critical and those that are at highest risk and devise specific security strategies to protect them. 

Many available resources for government cybersecurity plans are focused on the federal level. While helpful to a degree, the best practices and recommendations included in them are not always directly transferable to local government use cases.

That’s why we’ve outlined the top four overlooked fundamentals to consider when building customized cybersecurity plans for their local governments. We’ll cover essential information on mitigating insider threats, conducting risk assessments, and technology tools relevant to municipal needs — which will help customize your security plans in a way that can supercharge small local teams. 

1. Identify, research, and track insider threats

According to the 2023 Verizon Data Breach Investigations Report, 16% of documented incidents at public sector entities are driven by insider threats. Whether intentional abuse or unintentional misuse, tight permissions controls can prevent problems. 

One such security guideline that teams can easily set up is establishing proper permissions for existing or former employees. As such, it’s essential for local government security teams to create a comprehensive onboarding process that addresses permissions issues.

The New Jersey Cybersecurity Communications & Integration Cell recommends that local governments consider the following steps when establishing protocols for properly onboarding and offboarding employees:

• Use non-disclosure agreements (NDAs). Local governments should ensure that all employees receive and sign copies of NDAs. These NDAs must also include clear expectations and boundaries for what departing employees can and cannot take when leaving the organization.

• Apply the principle of least privilege access (LPA). IT teams can regularly control and audit which employees have access to specific sensitive environments—and ensure that even authorized users only have access to the environments they’re meant to access. LPA is a best practice because it builds a foundation around giving people access to only the information they absolutely need to do their jobs—and even doing so on a temporary basis in certain cases.

• Immediately limit electronic and physical access. Once employees are discharged from staff, their devices and access credentials should be immediately disabled, deactivated, or deleted. 

• Implement security software to detect insider threats. Ensure that your security tech stack is able to identify anomalous activity by insiders, not just external intrusions. This can seem more difficult to accomplish than putting up a firewall, but solutions (such as a SIEM) that are tuned to detect credential compromise, privilege escalation, data exfiltration, and other events will be able to detect many of the common signs of an insider threat incident.

2. Conduct comprehensive risk assessments

Local governments can make the best use of the limited security resources they have by identifying where they’re most at risk and most vulnerable—and then focusing their efforts on safeguarding those processes and assets.

Risk assessments are useful in establishing where limited resources are best allocated — and also creating an effective incident response plan. Resource-strapped IT teams don’t have to start these plans from scratch. For example, our blog on building out incident response plans walks through the four critical components each plan should have according to NIST, which are:

• Preparation
• Detection and analysis
• Containment, eradication, and recovery
• Post-incident activity

Additionally, CISA provides a comprehensive guide on cyber risk assessment that recommends breaking the process down into the following steps:

• Identify and document network asset vulnerabilities to pinpoint weakest areas
• Find and leverage sources of cyber threat intelligence to gain greater familiarity with relevant aspects of the threat landscape
• Document internal and external threats to obtain knowledge on active risks
• Identify potential cyber impacts to government missions and how to respond to them
• Devise and prioritize risk responses based on the information gathered from previous steps

Again, IT teams in local governments don’t necessarily have to rely on outside vendors for comprehensive risk assessments. The Department of Homeland Security offers an Infrastructure Survey Tool that municipal entities can use to analyze and assess overall risk and resilience.

CISA also hosts several resources for standardized, vetted approaches to accurate risk assessment. These assessments are based on the MITRE ATT&CK® framework, which is founded on an extensive knowledge base of documented attack methods, tactics, and incidents.

The MITRE ATT&CK® framework is frequently used by public sector entities—and for good reason. This framework provides guidelines that help turn data sources and data logs into actionable response plans and strategies, which is why ESG reports 48% of organizations extensively use MITRE ATT&CK® and CISA recommends that local governments adopt the framework for security operations.

Resource-strapped IT teams can streamline the risk assessment process by engaging in risk prioritization, or identifying the risk scenarios and events that matter the most to their organization. That way, they aren’t constantly slogging through data or alerts on cyber news or that don’t actually end up mattering. Leaner IT teams can enact effective risk prioritization by leveraging a risk management program — specifically one that uses automated processes — to take a majority tasks off their plates while ensuring proper risk assessment.

Additionally, effective risk assessment can drive down cyber insurance costs, which historically challenges local governments with high (and still rising) premiums. Insurers respond strongly when local government IT teams provide as much information as possible on potential cyber risks, the details of which are much easier to procure with a strong risk assessment process.

For more information on creating comprehensive risk assessments, IT teams can refer to CISA’s cyber risk assessment toolkit.

3. Assess and select your security controls and priorities

Controls should be selected based on the findings of risk assessments, which should identify where municipal entities are most at risk. Local government teams need to selectively choose security controls that prioritize their goals. Once chosen, most risk management tools can leverage automation to automatically tag or flag important risk events — and only push the ones requiring immediate human intervention to the security team’s desk.

IT teams can reference CISA’s list of cyber essentials as a solid place to start, then build out more specific controls and priorities based on findings from risk assessments and threat landscape research.

Although more specific controls and policies will depend upon individual needs and goals, IT teams working for municipal entities can continue to invest in the following familiar tools and strategies to ensure a foundational level of protection:

SIEMs: Resource-strapped teams can utilize a SIEM to collect security data across their entire digital footprints into a centralized source, which makes it much easier to identify potential incidents, threats, and risks. 

A practical example of this in action is Ottawa County’s successful implementation of Blumira’s SIEM solution, which significantly enhanced their cybersecurity posture without adding to their team’s workload.

Security professionals in local government should look for SIEM solutions that support hybrid security, providing the enhanced visibility needed for consistent protection across diverse environments.

Patch management: Patch management is especially important when working with legacy systems and tools, as these assets can quickly become outdated or even have support go offline, which means there will be no patches for new vulnerabilities.

For example, local government IT teams should institute best practices like patching applications and software as soon as patches are available. This is the one of the easiest, most cost-effective ways to prevent breaches and mitigate risk, as well as detect zero-day exploits before they become a problem.

Access controls: Access controls are especially important in local government as they can specifically help mitigate internal threat incidents.

For more information on potential threats related to credential access, local government IT teams can reference the MITRE ATT&CK TA0006 resource.

Firewalls: These help safeguard sensitive networks and monitor and control network traffic—which also helps identify suspicious behavior.

If your teams are dealing with outdated or offline tools, you can refer to the OWASP’s vulnerable and outdated components resource for next best steps.

4. Apply for funding

Local government IT teams are usually small, which means they can run into resource challenges. CISA and FEMA designed the State and Local Cybersecurity Grant Program (SLCGP) to allocate funds to smaller government IT teams and help support cybersecurity projects and strategies.

In FY 2023, a total of $374.9 million was made available through this grant. As the program aims to provide $1 billion over a four-year period, there is a considerable amount of funding that resource-strapped IT teams can and should take advantage of.

Local government teams can best qualify for funding by demonstrating clear dedication to their existing cybersecurity programs, such as building effective incident response plans, managing and retaining security logs, and documenting continuous improvement of their cybersecurity posture. 

According to the Government Accountability Office, the following grant programs also provided funding to support cybersecurity goals and needs for FYs 2021 and 2022:

• FEMA’s Homeland Security Grant Program: Only the State Administrative Agency (SAA) is eligible to apply for this grant. After the SAA acquires funding, it can distribute it down to the local level. As each state has their own individual requirements for the process of grant applications (including different deadlines), IT teams should contact their SAA for more details on acquiring funding.

• FEMA’s Transit Security Grant Program: While this grant provides funding for eligible public transportation systems, several local governments have acquired cybersecurity funding from this grant in order to secure and protect critical infrastructure from cyber attacks, which more often these days do target OT like public transportation. This grant’s Notice of Funding Opportunity (NOFO) will be made available in early 2024, so keep tabs on its status for requirements and deadlines on grants.gov. 
• FEMA’s Emergency Management Performance Grant Program: This grant provides local emergency management entities with resources to meet the National Preparedness Goal outlined by FEMA. Eligible agencies should keep close watch on the grant’s NOFO for more details on important due dates.
• Department of the Interior’s Technical Assistance Program (DOI-ITAP): The DOI-ITAP  is slightly different from the other opportunities listed as it technically isn’t a grant program. Instead, it provides on-site technical assistance, one-on-one mentoring, and workshops on a plethora of pressing issues in government — including cybersecurity. Local government teams can keep tabs on the DOI-ITAP’s opportunities page and sign up for the distribution list to stay up to date on potential cybersecurity initiatives. 

Keep in mind there are several requirements that state and local governments must meet to make them eligible entities for this program. Learn more about how to qualify and ace the State and Local Cybersecurity Grant Program application.

When it comes to government security plans, specific is best

When cybersecurity plans center around each individual municipal entity’s goals and needs, they empower IT teams to focus on the right things at the right time. Aim to build comprehensive and effective strategies, utilize the right security tools (such as a purpose-built SIEM for smaller teams), and implement the right security controls, and you can prevent, detect, and respond effectively to incidents.

Local government IT teams, fortunately, have access to more tools today than ever before that are appropriate for their size and needs. Investing in the right tools, strategies, and programs is the key to keeping constituents—and their data—safe. Discover the benefits of choosing a cloud SIEM tailored for local government cybersecurity and how it aligns with NIST standards for enhanced security.

Local governments will benefit from complete visibility into their entire digital environment. Learn more about how to choose the right cloud SIEM to accomplish this today.

 

# cloud siem, risk assessment, local government, government cybersecurity, cisa, State and Local Government