Security

Cybersecurity Awareness Month Focus Areas for State and Local Government

Key themes emerge as jurisdictions across the country mark October with training and security campaigns.

Dominick Sorrentino is web editor for StateTech.

State and local agencies nationwide are marking Cybersecurity Awareness Month. Oregon and Colorado are leaning into the National Cybersecurity Alliance’s 2025 theme of Stay Safe Online, while North Dakota Information Technology has taken its own angle with its Stay Cyber SMART campaign. The citizen-facing message here is clear: Prioritize cybersecurity literacy for a safer digital experience.

“Cybersecurity isn’t just a tech issue. It’s a people issue,” said North Dakota CISO Chris Gergen in a press release. “We want every North Dakotan to feel confident navigating the digital world.”

But cities and states are also using cybersecurity awareness month for information sharing and training among employees. For example, Washington hosted a virtual event titled “Don’t Panic! A Hitchhikers Guide to Incident Response.” San Jose scheduled a Cybersecurity Awareness Day event for municipal staff at City Hall on Oct. 15.

As jurisdictions use cybersecurity awareness month to reprioritize cyber hygiene, these are some of the core themes that will be covered.

Click the banner below for exclusive cybersecurity insights.

x_security_q325_animated_click_desktop_01

x_security_q325_animated_click_mobile_01

Workforce Development and User Awareness Training

Workforce development and user training is central to discussions at state and local agencies, and some jurisdictions are holding events to drum up interest. San Antonio College, for example, is hosting a hackathon at the end of October. These grassroots gatherings are key to cultivating a local cybersecurity talent pipeline.

User awareness training is also crucial to improving cyber hygiene in the public sector, and according to Eric Marchewitz, field solution architect at CDW, it should be the top priority for state and local governments.

“Of all the things that a town, county or other small jurisdiction can invest in to improve its cybersecurity posture, consistent, practical training for end users delivers the greatest bang for the buck,” he writes in a StateTech blog.

The Convergence of OT and IT Cybersecurity

It’s no coincidence that the Cybersecurity and Infrastructure Security Agency chose Building a Cyber Strong America as its theme this year. Cyberattacks against critical infrastructure have increased in recent years.

As operational technology (OT) and IT converge, utilities and other continuous integration providers will be forced to optimize their asset discovery and management and find new and more efficient ways to secure their environments.

Artificial intelligence will play an important role here, as will network segmentation and smart use of existing security solutions. Petersburg, Va., for example, is using secure access service edge technology to secure the city’s water pumps, which are connected via an open LTE network.

DISCOVER: See how municipalities secure their public utilities.

Physical Security’s Crossover With IT

State and local governments are integrating digital technology such as computer vision for surveillance systems and digitally enabled access control management into physical security. Just like with OT and IT, the lines between cyber and physical security are beginning to blur.

SUBSCRIBE: Sign up for the StateTech newsletter for weekly updates.

Opelika, Ala. deployed advanced, AI-enabled security cameras to help monitor for and deter vandalism involving bubbles in a public fountain. In Cobb County, Ga., a local law enforcement agency optimized its real-time crime center and was able to more easily process surveillance feeds and other sensors, such as gunshot detection technology.

The bottom line: from protecting evidence to enabling the connectivity needed to install surveillance cameras in remote locations, law enforcement, utilities and other critical state and local entities are already digitizing physical security.

LEARN MORE: Law enforcement and utilities digitize physical security.

Security Revolves Around Identity and Access Management

Identity and access management among government employees is all about striking the right balance between security and user-friendliness. How do you implement the right access controls without making access cumbersome for the workforce? It’s a key question at all levels of government, and some jurisdictions believe they’ve found an answer. In Massachusetts, it takes the form of cloud-based identity and access management.

“Entra ID has helped enable employees’ single sign-on abilities to access their work resources, even remotely, which simplifies access while mitigating security risks,” says Jason Snyder, CIO for Massachusetts and secretary of the state’s Executive Office of Technology Services and Security.

The takeaway from the Bay State’s success story is clear: Security hygiene must be enforced, but that can happen without compromising the employee experience.

EXPLORE: State governments automate user privileges to assist with identity management and access.

Cyber Resilience Is the Key to Business Continuity

Gary Coverdale, CISO of California’s Santa Barbara County, says that ransomware is what keeps him up at night, and the closest thing he has to an antidote is the ability to make a swift recovery. He’s not alone.

In Birmingham, Ala., a ransomware attack brought the city to its knees in 2024, but a recovery-ready backup system helped it get back up and running quickly. In Fort Lauderdale, Fla., torrential rains in 2023 would have killed City Hall servers had it not been for an IT modernization effort.

According to Scott Opalewski, part of CDW Government’s Digital Velocity team, “Business continuity and disaster response isn’t about getting back to normal; it’s about staying operational no matter what.” Ransomware and other cyberattacks have wreaked havoc on state and local entities in years past. While it isn’t always possible to prevent them, it is essential to be able to bounce back with minimal disruption, and there are ways to do that.

KEEP READING: See why local governments need business continuity and disaster recovery.

gorodenkoff/Getty Images