State, local, tribal, and territorial governments are primarily responsible for protecting and maintaining critical infrastructure. This means that millions of individuals rely on SLTT governments in their everyday lives for security and essential services.
Unfortunately, SLTT's are often the target of sophisticated cyber attack's which may leave critical infrastructure at risk or compromised. Between 2017 and 2020 cyber-attacks made against SLTT governments rose roughly 50%, making SLTT governments a prime target for bad actors.
It's important to understand where SLTT's biggest weaknesses are and how they can mitigate them and improve their security posture.
One of the most common factors that contributes to security posture is budget. IT and security staffs are historically underfunded and lack the necessary resources to combat advanced threats. As of 2021, only 15 states had dedicated cybersecurity budgets, only setting aside at most 3% of their overall IT budget. This lack of funding makes it hard to staff IT departments and security teams as well as making it difficult to obtain security technologies and programs. While the private sector seems to be coming around to the fact that cybersecurity deserves its own budgetary division, SLTT governments are consistently lacking the funds necessary to improve their security posture.
Their exits over 90,000 separate government entities in the U.S. This represents an enormous attack sector for cyber criminals to exploit. One of the biggest weaknesses inherent to SLTT governments is the discontinuity in security practices between various government entities. Since each government has its own responsibility to its own security infrastructure, cooperation and continuity with other entities is often overlooked. One of the goals of President Biden's 2021 executive order was to standardize security practices amongst the private sector and the Defense Industrial Base. The same issue of disunity exists in SLTT governments as well.
The workplace is becoming more and more integrated with modern technology every single day, SLTT governments are no different. As auditing, finances, and maintenance become more automated and streamlined these governments will have to keep up with new emerging technologies and the vulnerabilities that come with them. These attack vectors and technologies can be challenging to keep up with especially if they are already understaffed and underfunded.
SLTT governments have a responsibility to mitigate these vulnerabilities to protect critical infrastructure and its communities security posture. One of the easiest things local governments can do to improve their security culture is to practice the most basic security practices. This means establishing secure password policies that can be adopted by every employee, requiring MFA for all applications, and operating with a "least privilege" mindset.
SLTT governments need to also set aside the resources necessary for security teams to protect your IT systems. This may include increasing your security budget, hiring more staff, or enlisting the help of an MSP to co-manage your security.
Finally, local governments need to be aware and stay on top of the latest cyber threats and technologies used to breach networks. Education is often to most important factor in mitigating SLTT security disasters.
CorpInfoTech can help SLTT’s be proactive about cybersecurity, rather having to react when an issue arises. Let’s discuss where your gaps may be in your organization.