Shifting the cybersecurity burden for state and local governments

  • Written by Ken Levine
  • 31st March 2023

The public sector is a magnet for cyber criminals, as state and local governments continue to battle a wave of malware attacks every year. Adversaries understand that state and local governments, through no fault of their own, have limited budgets and overextended security teams, many of which are stressed by alert fatigue and the complexity of remote and hybrid workforce protections. Couple the resource dilemma with being a valuable target for cyber criminals, and it is clear that state and local governments, municipalities and school districts are being asked to do too much on their own. Furthermore, new attacker tradecraft is actively evolving, increasing the immense burden of responsibility carried by government agencies to secure their critical infrastructure and public works while safeguarding the public’s trust.

A sense of urgency is mounting as state and local agencies assess their options to prevent the next ransomware breach. But how can a government agency protect its critical assets against heavily funded adversaries without employing the level of cybersecurity solutions that only the largest global organizations can afford to employ?

A recent White House-issued cybersecurity advisory begins to describe what is needed for government agencies. As important, the advisory calls on the cyber community to share the burden and responsibility of securing government assets. Taken together, I believe these two headlines can begin to even out what is currently an unfair fight in favor of the adversary. After all, the attacker only needs to be right once; cybersecurity professionals must be right every single time.

Here are two key take-aways from the recent White House advisories:

  • The U.S. 2022 Joint Cybersecurity Advisory established guidelines that recommend Managed Detection & Response (MDR)-level capabilities as a minimum security baseline. MDR must prevent initial compromise, enable monitoring and logging, and develop and exercise “Incident Response.”
  • The White House 2023 National Cybersecurity Strategy says “We must rebalance the responsibility to defend cyberspace by shifting the burden for cybersecurity away from individuals, small businesses and local governments, and onto the organizations that are most capable and best-positioned to reduce risks for all of us.”

Considering these two federal advisories together when searching for a cybersecurity solution for state and local governments, the solution needs to be proactive technology that can prevent cyberattacks. But it also needs to be delivered at a price within the public sector’s budget, not the budget of a global financial institution. So, what does that mean?

MDR is a cybersecurity service and product that detects malware and suspicious attacker reconnaissance activity and responds to these threats with automated and/or human-led alerting, blocking, and attack mitigation. The “managed” element takes the task off the government agencies and puts it on a Security Operations Center (SOC) or team of expert security analysts that perform threat hunting, malware analysis and other services for full management of your security profile, for you. This is a happy marriage of 24/7 “we’ve got your back” human-led threat management, threat intel and incident response capabilities with (often automated) detection-first capabilities.

So, does MDR answer the cybersecurity question for state and local governments? Not entirely:

  • First, MDR is often prohibitively expensive, especially for larger government organizations. Costs average $8 to $16 per agent per month.
  • MDR’s “detection-first” strategies succeed only about 80 percent of the time on average, which can explain why so many breaches continue to occur across the globe. Approximately 20 percent of threats entering an environment are not successfully detected. Certainly, detection is not the same as protection, so it is important for you to ask for, and receive, an MDR product’s actual historical detection rate, or what’s known as its “detection track record.”
  • MDR’s detection-dominant strategies cannot detect undetectable threats (aka “unknowns”). Most detection-first MDR solutions are finely tuned to detect known-good and known-bad threats, based on threat intel and established signatures and hashes. But malware and ransomware hide in the “unknown.” If these unknowns are undetected, then, by definition, you cannot protect against them. Detection is still important as a first line of defense, but detection-first MDR solutions simply lack the ability to protect against that growing unknown, no matter how big and prominent the vendor.
  • Undetectable threats increase malware “dwell time.” Consider research by Forbes that revealed malware and security threats often dwell in targeted environments from “a couple of minutes to a worst case of hundreds of days.” Hundreds of days. Once malware is inside your environment, it can siphon and exfiltrate data, move laterally, and literally live deep inside your network until it is good and ready to detonate or ransom.
  • Lastly, when detection-first MDR solutions fail (which they will in the face of undetectable threats), customers are then required to pay hefty incident response (IR) fees to remediate the vendor’s failed detections. Last year, government organizations averaged $213,000 in ransom payments. Oftentimes, the IR fees go to the same vendor providing the MDR service. While no vendor wants to be breached, there is some irony in additional monies going to some of the same vendors who are supposed to protect you.

Detection-first MDR solutions have significant benefits for state and local governments. But the above points demonstrate that MDR is not a silver bullet, and it is not inexpensive.

Alternatively, some state governments have leveraged cybersecurity solutions that prioritize protection over detection. We believe that there should be consideration of proactive, protect-first, access-prevention technologies as an integrated front-end for MDR. To elaborate, undetectable threats are deemed guilty until proven innocent, instantly, in real time, and contained right there on the endpoint. This is genuine zero trust. The contained attacks cannot access real assets, and can therefore do no damage, or interrupt users or disrupt applications, operations or productivity in any way.

As the White House 2023 National Cybersecurity Strategy suggests, it is time to shift the burden of security from small businesses and state and local governments to the security vendors. At the very least, do understand that expensive detection-first solutions are not the bedrock of effective cybersecurity. As long as this misunderstanding continues to persist, breaches and ransoms will continue.

Ken Levine is CEO at Xcitium and is a 15-year cybersecurity industry veteran. Prior to Xcitium, Levine was the CEO of microsegmentation company ShieldX, which Fortinet newly acquired. Previous to ShieldX, he was CEO of Digital Guardian, which became a leader in the DLP and EDR markets. Levine was also CEO of then start-up NitroSecurity, a SIEM platform, which was acquired by McAfee in 2011. At McAfee, Levine was senior vice president and general manager of the security management business unit. He is a graduate of the University of Pennsylvania’s Wharton School of Business.
