Dec 14 2021

Why State and Local Agencies Should Consider Cybersecurity in Power Management

Agencies must secure power management systems to protect crucial IT infrastructure supporting digital government.

In a year where ransomware threats have increased dramatically and high-profile attacks have wreaked havoc, many in the public sector might be wondering if their current infrastructure can withstand what’s ahead.

Threat actors are becoming more sophisticated, and state and local governments must be vigilant to avoid potentially devastating attacks that could compromise critical services for those they serve.

At the same time, the rapid adoption of digital solutions across agencies creates more opportunities for enterprising attackers to identify vulnerabilities in nontraditional infrastructure and exploit them. One potentially overlooked area is power management, where increasing connectivity has paved the way for demonstrable gains in efficiency and disaster avoidance. However, this also calls for heightened cybersecurity awareness.

The acceleration of digital government services and distributed IT environments means government IT managers must take the necessary steps to protect infrastructure from devastating cyberattacks.

Click the banner below to get access to a customized content experience on cybersecurity.

Digital Transformation Accelerates in Government

State and local governments across the country are actively adopting digital technologies to improve services for citizens, leading many to make the shift from a traditional centralized approach to a distributed model that leverages multiple locations to support IT requirements. Meanwhile, at many agencies, IT teams are leaner than ever, while evolving demands make it increasingly necessary for staff to respond remotely in emergency situations. Gone are the days where all IT locations had the luxury of onsite support teams.

A trend running parallel to many of these developments is the growth of the Internet of Things. According to Business Insider, the number of IoT-connected devices will grow to 41 billion by 2027, up from approximately 8 billion in 2019. As this transformation unfolds, government institutions must consider the challenge these new endpoints will present for cybersecurity and ensure they’re protected across their expanding networks.

These related trends, both of which have accelerated amid the COVID-19 pandemic, require new approaches to power management and, in the case of IoT growth, actually impact power equipment itself.

More IT teams are deploying connected power management infrastructure, such as uninterruptible power supplies (UPSs), to allow remote monitoring and management that minimizes the need for onsite support staff. While devices like UPSs may not traditionally come to mind when institutions consider potential cyberthreats, the same could have been said for devices like HVAC units or internet-connected thermometers before they became targets for major attacks.

RELATED: How can security operations centers help state governments?

Tips for Protecting Your Agency’s Power Management Systems

The growing importance of cybersecurity has made it imperative for power management providers to consider cybersecurity when adding connected capabilities to power management devices. Here are a few ways state and local government IT managers can incorporate cybersecurity safeguards into their power management strategies.

  • Use equipment that’s secure by design. Many of the organizations responsible for setting global security standards are expanding and redefining their processes for certifying the cybersecurity of products as it relates to backup power devices. On the market today are various UPS network management cards that comply with the latest UL 2900-1 and ISA/IEC 62443-4-2 certifications that require robust cybersecurity capabilities and features. By purchasing power management products that meet these certifications, IT teams can benefit from knowing their equipment uses the latest in encryption, certificate authority and public key infrastructure, in addition to configurable security policies.
  • Level up your security solutions. Beyond protecting against ransomware attacks, state and local agencies may wish to deploy further security measures, like a network air gap, which is designed to keep a computer network physically isolated from unsecured outside networks. For these agencies, that could include internet and/or local networks, with the objective of keeping sensitive information out of the hands of hackers so that IT teams can focus their efforts on serving citizens.
  • Ensure firmware is up to date. To best protect against emerging threats, it is critical to make timely firmware updates. Just look at news of the recent discovery of Ripple20 vulnerabilities, which put billions of internet-connected devices at risk. In order to properly secure power management equipment against these evolving threats, IT departments can deploy power management software and work alongside technology providers to ensure systems have the latest patches. Power management software can offer a graceful shutdown — which, in the case of an extended outage, will help IT teams save work in progress and prevent data loss.
  • Look to combine digital and physical security. Recent threats, such as those to Amazon Web Services’ data center infrastructure demonstrate that state and local agencies should also take physical security into consideration when it comes to their cybersecurity strategy and planning. Place safeguards like smart security locks on IT racks help to keep power management devices and other equipment secure while allowing only authorized personnel to have access to these components.

Ultimately, state and local agencies and their respective IT teams should aim to build a comprehensive plan for protecting power equipment, similar to plans for other internet-connected systems. The best strategies strike a balance between investing in inherently secure products and taking ongoing measures to ensure equipment is up to date with the latest policies, procedures and assessments.

EXPLORE: What are the top five questions a cybersecurity assessment should answer?

The Road Ahead for Securing IT Infrastructure

As internet-connected devices continue to proliferate, the public sector will continue to adopt new technologies that optimize efficiency and streamline day-to-day operations.

Amid this technological transformation, cybersecurity and IT teams will have to keep tabs on industry developments to ensure power management equipment and other network-connected devices have the latest certifications.

As their journey toward protection evolves along with the IT landscape, agencies can work to stay ahead of the curve by implementing a comprehensive cybersecurity strategy — one that incorporates power management.

PeopleImages/Getty Images

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT