Rapid Response

It should come as no surprise that cybersecurity is the top priority of state CIOs around the country, and has been for the past several years. The National Association of State Chief Information Officers (NASCIO) recently reported this finding, which underscores the continued concern state and local governments have about the increase in cyberattacks. That includes everything from malicious code and zero-day attacks to spear phishing, “hacktivism” and distributed denial-of-service attacks. These threats can and do affect the privacy and security of confidential data, as well as the business continuity of government agencies.

And the threats continue to spiral out of control. According to an October 2015 report from the Ponemon Institute, state and local government agencies experience data breaches approximately every twelve weeks. The threats are growing more sophisticated as well. Hackers no longer rely solely on tried-and-true methods like packet sniffing and password cracking. They’ve added more complex threat signatures, such as cross-site scripting, distributed attacks, staging and advanced scanning.

The Ponemon Institute report found that on average, federal agencies are better prepared to handle cyberthreats than state and local governments. More federal agencies have incorporated modern technology and processes like behavioral analytics, next-generation firewalls, big data solutions and intelligence sharing.

Some states, however, have made significant progress. They’re an important model for other state and local governments. California is one of the most mature with a cybersecurity task force, the California Cybersecurity Integration Center, and the Cyber Incident Response Team. California also has a well-developed, comprehensive incident response plan. Maryland has also been fairly successful, establishing a plan to develop rapid response strategies to protect the state from cybercrime. Other states with impressive plans include Idaho, Michigan, Rhode Island, Virginia and Texas.

Still More to Do

Despite pockets of progress, state and local governments still have a long way to go. In the area of incident response, for example, only 38 percent of state and local government organizations are confident they could contain a cyberattack. That’s in contrast to 52 percent of federal agencies, according to the Ponemon Institute study.

Effective incident response requires greater visibility and faster response than most state and local governments can currently manage. It also requires integrated state-of-the-art tools and capabilities. Yet according to a 2014 Center for Digital Government survey, only 63 percent currently employ intrusion detection systems, 68 percent have automated malware protection systems, and only 49 percent have next-generation firewalls. Integration is also critical to achieving visibility and faster response. It requires incorporating functions like analytics and visualization, along with intelligent packet capture and retrieval. Using an integrated set of tools and functions, agencies can better understand how long the organization has been under attack, how the attacker entered the network, and the extent of the damage.

Using this strategy, Maricopa County in Arizona helped secure the data for its nearly 60 departments, while maintaining compliance with a host of federal and industry regulations. Using a combination of FireEye’s Email Threat Prevention (EX Series) platform, Network Threat Prevention, Host Prevention and Central Management platforms, the county was able to more effectively identify, manage and respond to threats in real time in a fully automated fashion.

This integrated technology suite helps the county’s cybersecurity team observe behaviors and categorize trends and malware components. When the system spots an anomaly, it allows for quick analysis and remediation.