Feb 09 2023

Why Federal Grants Are Critical to State and Local Cyberdefenses

Small governments in particular must build partnerships to protect data and secure systems.

As supplemental federal COVID-19 funding runs out and inflation makes it increasingly more expensive for state and local governments to borrow money, department budgets will remain tight. More than ever, it will be vitally important for state and local jurisdictions to take advantage of funding opportunities to bolster their cyberdefenses.

In an effort to strengthen cyberdefenses across all governmental jurisdictions, the White House announced a first-of-its-kind State and Local Cybersecurity Grant Program. The program, which is part of the 2022 National Security Strategy, will provide $1 billion for state, local and territorial governments over four years to combat cyberthreats to critical infrastructure.

This funding is vital. State and local governments house incredibly sensitive data, from personal information flowing through social services to critical updates being pushed to infrastructure grids. They are also becoming increasingly connected across jurisdictions. That means an attack on even a small, local government could be incredibly damaging.

Click the banner below to receive curated security content by becoming an Insider.

Cyberattacks Target State and Local Government Infrastructure

The recent spike in global ransomware attacks underscores the urgency for state and local governments to apply for federal cyber grants and bolster their critical infrastructure defenses. The FBI, the Cybersecurity and Infrastructure Security Agency and the National Security Agency collectively reported cyber incidents involving ransomware against 14 of the 16 U.S. critical infrastructure sectors. Those categories include the defense industrial base, emergency services, food and agriculture, government facilities, and IT sectors.

Unfortunately, state and local governments continue to face cybersecurity challenges. A 2022 report from Stanford Law School’s Center for Internet and Society revealed that nearly one-third of local governments in the United States would be unable to tell if they fell victim to a cyberattack. Beyond that, nearly half of local governments that did know they were under attack were being attacked at least daily.

President Joe Biden highlighted this reality in his 2022 National Security Strategy. The Biden administration wants to ensure that new and upgraded state and local infrastructure is “built to endure, meeting modern standards of safety and security, which includes cyber protections.”

EXPLORE: Why visibility is vital for government IT network security.

Agency Resilience and Recovery Plans Focus on Data Protection

Funding is only part of the equation. Departments need to know what to do with those dollars and where to deploy them most effectively. That includes instituting a resilience and recovery plan for use in the event of an attack. There’s a baseline minimum of cybersecurity capabilities that governments must adopt to make their data more recoverable and their systems more resilient.

This starts with establishing a broad protection platform. State and local governments increasingly keep their data on a mix of IT infrastructures ranging from cloud to on-premises and even virtualized systems. This means that any data plan must account for those different locations while also being scalable to changing resources and technology needs. The ability to instantly and securely back up data is central to recovery after an attack.

To ensure that data remains secure and usable in the event of an attack, state and local government IT teams must verify the data integrity of any backups at the moment they are saved. This requires verifying data backup quality and making it immutable.

Some experts recommend following the “3-2-1-1-0” backup rule. This calls for at least three copies of important data on at least two different types of media, with at least one of these copies stored offsite and one offline. Finally, there must be zero errors following automated backup testing and recoverability verification.

Finally, organizations need a process to fend off data exfiltration. Though immutable data backups are crucial, end-to-end encryption and classic cyber hygiene practices still must be deployed to help guard against data exfiltration or alteration by an attacker. That means using unique passwords for every login source, employing strong multifactor authentication, and removing unused devices, applications and non-essential programs.

LEARN ABOUT: Why strong asset management is necessary for successful continuous monitoring.

Ultimate State and Local Cybersecurity Requires Partnerships

Even with a funding boost, state and local governments cannot take on cyberattacks against critical infrastructure alone. It is incumbent upon the federal government, along with its private sector partners, to continue aiding these smaller governments in their fight against a decentralized army of private citizens and nation-state actors.

Our connected world has brought many advantages for state and local governments. From simply being able to share information with other jurisdictions to working together on projects that improve the quality of life for residents, we live in an exciting time of breakthroughs and discoveries.

With that great power comes the responsibility to make sure networks and the data that travels through them are secure. Cybercriminals have not been shy about exploiting local governments’ quest to bring modern infrastructure to their citizens. State and local governments need support to make their visions a reality without compromising security.

tsingha25/Getty Images

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.