There’s no question that state and local governments are getting pummeled by cyber attacks. While larger, high-profile cases like Colonial Pipeline and SolarWinds tend to dominate the news, it is important to acknowledge the impact of cyber crime on state and local governments. Ransomware attacks on state and local governments, for instance, increased by 485% in 2020, in just a year. These attacks come with an especially high cost for local governments: an average of $1.64 million last year (accounting for “downtime, people time, device cost, network cost, lost opportunity, ransom paid, and more”).
Of course, there is no blame here. Only empathy. Most who are attacked in cyber are victims of a cyber threat landscape that’s completely out of control, now manipulated by nation-states and highly organized criminal groups. I recently met with many state Chief Information Officers as part of NASCIO’s mid-year conference, and I know that most state, local, and education (SLED) stakeholders face resource constraints when it comes to cybersecurity. Budgets, personnel, time, cyber expertise — all are limited.
Taking advantage of these obstacles, adversaries regularly target SLED entities either to carry out “cyber target practice” to test their malicious infrastructure before hitting bigger targets or to launch ransomware attacks to gain quick payouts and/or steal treasure troves of citizen data. To make matters worse, about a third of local governments or counties wouldn’t even know they were under cyber attack.
State and Local Government Cybersecurity Act of 2021
Needless to say, I was pleased this week when President Biden signed into law the State and Local Government Cybersecurity Act of 2021, which requires the Department of Homeland Security “to increase collaboration with State, local, Tribal, and territorial governments on cybersecurity issues.” While I applaud these efforts, it is imperative that we scrutinize the concept of “collaboration” to make sure that it yields actionable, timely, and relevant responses.
To me, collaboration is effective only if it happens in real time. That means empowering SLED stakeholders with the ability to detect common threats based on network behaviors (not signatures, which are stale by the time the grapevine circulates the known indicators of compromise) and, from there, exchange anonymized attack intelligence during an attack's early stages — not weeks after, as is traditionally the case.
Real-time collaboration is the only way to shore up shared SLED defenses, enabling state and municipal organizations to proactively defend critical infrastructure against fast-changing adversarial tactics, techniques, and procedures (TTP) designed to evade point-protection tools and firewalls.
A Whole-of-State Approach to the State and Local Government Cybersecurity Act of 2021
At IronNet, we facilitate a whole-of-state approach to cybersecurity by working with states to build cross-state Collective Defense communities that break down the historical silos that have hindered collaboration in cyber for far too long. This shared approach enables collaboration across the entire state, not just jurisdiction by jurisdiction, to improve the cybersecurity posture of all stakeholders.
Using the power of the secure cloud, we stand up state Collective Defense communities and build a dynamic radar-like cyber threat picture that gives participants situational context – from town halls to state agencies. These communities may include the state Department of Health and Human Services, local water/wastewater agencies, public power providers, educational organizations, and other municipal agencies.
This Collective Defense approach helps SLED participants defend as one against the same threats hitting the public sector. Not only are we broadening threat visibility for everyone in the community, we also are empowering organizations to pool limited human resources by essentially creating a “whole-of-state” Security Operations Center. In a Collective Defense community, participants can exchange anonymized real-time attack intelligence with each other and with the government at network speed, if the cyber attack warrants national defense of critical infrastructure.
By accelerating collaboration in real time, everyone wins — except the attackers. As National Cyber Director Chris Inglis has said, “You must beat all of us to beat one of us.”