The federal government is putting more resources behind its cybersecurity imperatives, much to the benefit of state and local governments. On June 21, 2021, President Biden signed into law the State and Local Government Cybersecurity Act of 2021, to increase cybersecurity collaboration between the Department of Homeland Security (DHS) and state, local, and tribal governments. Tool and resource sharing, as well as training, are important elements of this new law.
This law and Executive Order 14028 (EO), which focuses on Zero Trust, have had an impact on cybersecurity for state and local governments. Within 3 years, 67% of state chief information officers indicated they would be introducing or expanding their cyber posture with a Zero Trust framework.
As state and local governments shift their attention to Zero Trust, three elements will help determine their success:
Smart application of investment funding
Proven strategies for successful adoption and impact
Rapid implementation and agile integration
Fortunately, there’s support on all three fronts.
Ready to invest: Federal programs support Zero Trust initiatives
Federal programs offer state and local governments an opportunity to address current cybersecurity vulnerabilities and make strategic investments to prepare for future threats. This includes $1 billion in cybersecurity grants soon to be available from the Infrastructure Investment and Jobs Act (IIJA) and additional remaining funds from the American Rescue Plan Act (ARPA). IIJA funding, for example, gives governments at all levels an opportunity to invest in both physical and digital infrastructure. Agencies can use these dollars for cloud-based operational technology (OT) and IT security solutions.
Approach Zero Trust in three stages
Zero Trust maturity includes short-range, mid-point, and long-term milestones. Achieving these goals can result in more secure infrastructure designed to evolve organically to leverage new technology and protect against changing threat vectors. Google Cloud offers three recommendations which can help ensure success at each stage.
1.Focus on identity management. In the short term, agencies will likely find it useful to focus on identity management because phishing is likely to be their number one concern. That means setting up first lines of defense with strong multi-factor authentication and replacing legacy identity and access management systems. Moving beyond identity, agencies can look to AI-driven platforms that help adopt least privilege policies and automate much of the monitoring of access. For example, real-time monitoring with AI and analytics can help agencies with proactive threat detection, strengthen infrastructure security and improve maintenance.. By implementing security-by-design, agencies can protect their users with minimal change.
2. Aggregate and analyze security data.At the midpoint, agencies can evaluate the effectiveness of their agency’s security log information for accuracy and access to timely information. Aggregating that data and looking at it at scale is essential to gaining a perspective about where attacks are coming from and where immediate action is required. It is imperative that governments begin to invest more broadly in their detection capabilities to ensure they are seeing and responding to the real issues.
3. Evaluate technical investments. In the long term, broader-scale modernization is key to rapid implementation and agile integration, and to advance along the Zero Trust maturity curve. This might include transitioning away from on-premises technology and adopting secure-by-design, cloud-based solutions, which offer significant security advantages. It should also include strengthening data backup and recovery capabilities.
The stakes have never been higher for state and local governments when it comes to the cybersecurity threat landscape. Thankfully, we’ve never had more advanced tools, coupled with robust federal funding programs. Zero Trust offers our collective best defense, and there has never been a better time to begin. Read more in our newest issue brief, A Roadmap for Stronger Cybersecurity, where you’ll find practical guidance for implementing Zero Trust strategies and making the most of available resources.
Cloud BlogRead More