Local government cybersecurity plans face challenges due to resource constraints, constituent needs, and decentralization. As such, security teams must identify the data, assets, and systems that are most critical and those that are at highest risk and devise specific security strategies to protect them.
Many available resources for government cybersecurity plans are focused on the federal level. While helpful to a degree, the best practices and recommendations included in them are not always directly transferable to local government use cases.
That’s why we’ve outlined the top four overlooked fundamentals to consider when building customized cybersecurity plans for local governments. We’ll cover essential information on mitigating insider threats, conducting risk assessments, and choosing technology tools relevant to municipal needs, which will help you customize your security plans in a way that can supercharge small local teams.
According to the 2023 Verizon Data Breach Investigations Report, 16% of documented incidents at public sector entities are driven by insider threats. Whether intentional abuse or unintentional misuse, tight permissions controls can prevent problems.
One security guideline that teams can easily put in place is establishing proper permissions for existing or former employees. It’s therefore essential for local government security teams to create a comprehensive onboarding process that addresses permissions issues.
The New Jersey Cybersecurity Communications & Integration Cell recommends that local governments consider the following steps when establishing protocols for properly onboarding and offboarding employees:
Local governments can make the best use of the limited security resources they have by identifying where they’re most at risk and most vulnerable—and then focusing their efforts on safeguarding those processes and assets.
Risk assessments are useful both for establishing where limited resources are best allocated and for creating an effective incident response plan. Resource-strapped IT teams don’t have to start these plans from scratch. For example, our blog on building out incident response plans walks through the four critical components each plan should have according to NIST, which are:
Additionally, CISA provides a comprehensive guide on cyber risk assessment that recommends breaking the process down into the following steps:
Again, IT teams in local governments don’t necessarily have to rely on outside vendors for comprehensive risk assessments. The Department of Homeland Security offers an Infrastructure Survey Tool that municipal entities can use to analyze and assess overall risk and resilience.
CISA also hosts several resources for standardized, vetted approaches to accurate risk assessment. These assessments are based on the MITRE ATT&CK® framework, which is founded on an extensive knowledge base of documented attack methods, tactics, and incidents.
The MITRE ATT&CK® framework is frequently used by public sector entities—and for good reason. This framework provides guidelines that help turn data sources and data logs into actionable response plans and strategies, which is why ESG reports 48% of organizations extensively use MITRE ATT&CK® and CISA recommends that local governments adopt the framework for security operations.
Resource-strapped IT teams can streamline the risk assessment process by engaging in risk prioritization, or identifying the risk scenarios and events that matter the most to their organization. That way, they aren’t constantly slogging through data or alerts that are about cyber news or that don’t actually end up mattering. Leaner IT teams can enact effective risk prioritization by leveraging a risk management program, specifically one that uses automated processes, to take a majority of tasks off their plates while ensuring proper risk assessment.
Additionally, effective risk assessment can drive down cyber insurance costs, which have historically challenged local governments with high (and still rising) premiums. Insurers respond strongly when local government IT teams provide as much information as possible on potential cyber risks, the details of which are much easier to procure with a strong risk assessment process.
For more information on creating comprehensive risk assessments, IT teams can refer to CISA’s cyber risk assessment toolkit.
Controls should be selected based on the findings of risk assessments, which should identify where municipal entities are most at risk. Local government teams need to choose security controls that prioritize their goals. Once controls are chosen, most risk management tools can use automation to tag or flag important risk events and push only the ones requiring immediate human intervention to the security team’s desk.
IT teams can reference CISA’s list of cyber essentials as a solid place to start, then build out more specific controls and priorities based on findings from risk assessments and threat landscape research.
Although more specific controls and policies will depend upon individual needs and goals, IT teams working for municipal entities can continue to invest in the following familiar tools and strategies to ensure a foundational level of protection:
SIEMs: Resource-strapped teams can utilize a SIEM to collect security data across their entire digital footprints into a centralized source, which makes it much easier to identify potential incidents, threats, and risks.
A practical example of this in action is Ottawa County’s successful implementation of Blumira’s SIEM solution, which significantly enhanced their cybersecurity posture without adding to their team’s workload.
Security professionals in local government should look for SIEM solutions that support hybrid security, providing the enhanced visibility needed for consistent protection across diverse environments.
Patch management: Patch management is especially important when working with legacy systems and tools, as these assets can quickly become outdated or even have support go offline, which means there will be no patches for new vulnerabilities.
For example, local government IT teams should institute best practices like patching applications and software as soon as patches are available. This is one of the easiest, most cost-effective ways to prevent breaches and mitigate risk, as well as detect zero-day exploits before they become a problem.
Access controls: Access controls are especially important in local government as they can specifically help mitigate internal threat incidents.
For more information on potential threats related to credential access, local government IT teams can reference the MITRE ATT&CK TA0006 resource.
Firewalls: These help safeguard sensitive networks and monitor and control network traffic—which also helps identify suspicious behavior.
If your teams are dealing with outdated or offline tools, you can refer to OWASP’s vulnerable and outdated components resource for next best steps.
Local government IT teams are usually small, which means they can run into resource challenges. CISA and FEMA designed the State and Local Cybersecurity Grant Program (SLCGP) to allocate funds to smaller government IT teams and help support cybersecurity projects and strategies.
In FY 2023, a total of $374.9 million was made available through this grant. As the program aims to provide $1 billion over a four-year period, there is a considerable amount of funding that resource-strapped IT teams can and should take advantage of.
Local government teams can best qualify for funding by demonstrating clear dedication to their existing cybersecurity programs, such as building effective incident response plans, managing and retaining security logs, and documenting continuous improvement of their cybersecurity posture.
According to the Government Accountability Office, the following grant programs also provided funding to support cybersecurity goals and needs for FYs 2021 and 2022:
Keep in mind there are several requirements that state and local governments must meet to make them eligible entities for this program. Learn more about how to qualify and ace the State and Local Cybersecurity Grant Program application.
When cybersecurity plans center around each individual municipal entity’s goals and needs, they empower IT teams to focus on the right things at the right time. Aim to build comprehensive and effective strategies, utilize the right security tools (such as a purpose-built SIEM for smaller teams), and implement the right security controls, and you can prevent, detect, and respond effectively to incidents.
Local government IT teams, fortunately, have access to more tools today than ever before that are appropriate for their size and needs. Investing in the right tools, strategies, and programs is the key to keeping constituents—and their data—safe. Discover the benefits of choosing a cloud SIEM tailored for local government cybersecurity and how it aligns with NIST standards for enhanced security.
Local governments will benefit from complete visibility into their entire digital environment. Learn more about how to choose the right cloud SIEM to accomplish this today.