Most citizens often overlook the distinctions between different levels of government, such as federal, state, and local government entities, until they require specific services. However, each level operates under its own laws, regulations, funding mechanisms, and resources. Local government comprises numerous independent counties, municipalities, towns, and villages, each governed by its own officials. This diversity and autonomy can create significant challenges when it comes to cybersecurity.
Cybersecurity Vulnerabilities at All Levels
All levels of government, including local government entities, rely on computer systems connected to networks, making them vulnerable to cyber threats and attacks. While the federal government has taken steps to address its vulnerabilities through initiatives like Presidential Executive Order 14028 and the Zero Trust Maturity Model 2.0 by DHS-CISA, local governments face unique challenges in this regard.
Federal Government Infrastructure Bill and Local Government Grants
In 2021, the federal government passed an Infrastructure Bill that allocated a $1 billion four-year grant for local governments to strengthen their cybersecurity defenses, with state governments providing administrative support. This funding opportunity is a crucial step in addressing cybersecurity concerns at the local level.
Disparity Among Local Governments
Local government entities can be broadly categorized into two groups: “Haves” and “Have-nots.” The “Haves” are well-resourced entities with adequate cybersecurity budgets, leadership (CIO & CISO), staff, and necessary hardware and software solutions. They eagerly welcome the grant funding to bolster their cybersecurity defenses. In contrast, the “Have-nots” lack the resources needed to address cybersecurity adequately.
Challenges Faced by Have-nots
The primary reason why many local government entities, especially the Have-nots, do not address cybersecurity threats and attacks is a lack of funding. Attempts to engage with the Have-nots about improving their cybersecurity with grant funding often result in no response or “I don’t know.”
The Case for Regional/State Security Operations Centers (SOCs)
To make the most of the grant funds and improve cybersecurity across local governments, a compelling argument can be made for establishing regional or state-level Security Operations Centers (SOCs). The benefits of such consolidation include:
- Economies of Scale: Combining resources leads to cost savings.
- Reduced Capital Expenses: Eliminating the need for hardware and associated staff costs.
- Chargeback Operating Expenses: Leveraging cloud solutions for funding.
- Partnership Opportunities: Collaboration becomes more accessible.
- Streamlined Procurement: Reducing complexity and reliance on numerous vendors.
- Standardized architecture: Ensuring uniformity and efficiency.
- Focused Skillset: Narrowing the skillset required for support.
- Improve Incident Response: Enhancing readiness to address cyber incidents.
- Alignment with Zero Trust: Positioning local government for future-proof cybersecurity solutions.
Addressing cybersecurity vulnerabilities in local government entities is crucial to protecting sensitive data and critical services. The federal Infrastructure Bill provides a unique opportunity to allocate resources toward this goal. To maximize the impact of the grant funds, consolidating cybersecurity efforts through regional or state SOCs offers several advantages. This approach not only helps in cost reduction but also ensures a more coordinated and standardized response to emerging cyber threats, ultimately benefiting both “Haves” and “Have-nots” within the local government landscape.
David Cagigal is currently serving as a Board Member of the Wisconsin Cyber Threat Response Alliance (WICTRA) and as a CXO Advisor for Zscaler as well as an Executive Member to the State CIO Council for Ridge-Lane LP.
David Cagigal was appointed CIO for the State of Wisconsin in November 2012. As the CIO, he also serves as Division Administrator for the Division of Enterprise Technology (DET). DET manages the state’s IT assets and provides technology to state agencies such as computer services, voice-data-video telecommunications, and print and mail services. David retired June 2020. While as the State CIO, he collaborated with more than 30 Agency CIOs to implement an enterprise ERP (Oracle – Peoplesoft), consolidate all agency data centers into a single enterprise data center as well as improve broadband connectivity throughout the state to more than 760 state offices, local government, 425 K-12 School Districts, 350 libraries and influencing providers to connect the citizens of Wisconsin. David was also instrumental in improving cyber defenses in state and local government. He worked extensively with the Wisconsin National Guard, National Governor’s Association (NGA) and the Department of Homeland Security – CISA to protect 16 Critical Infrastructure/Key Resource Sectors. He also initiated the formation of Wisconsin’s Cyber Response Teams to address cyber threats and attacks. David was also the Chief Information Officer for Alliant Energy from 2004 to 2011 serving electric and gas customers in Wisconsin and Iowa. David has held executive IT positions at DeVry University, DePaul University, Maytag and Amoco.
Leave a Reply
You must be logged in to post a comment.