#123 Cybersecurity in Public Sector


on Wed Feb 15 2023 16:00:00 GMT-0800 (Pacific Standard Time)

with Darren W Pulsipher, Jim Richberg

In this episode, Darren interviews Jim Richberg, Fortinet's Field CISO of the Public Sector, about how cybersecurity differs across the public sector. The federal government is very different from state and local governments in its cybersecurity threats and approaches.


Keywords

#cybersecurity #ransomware #automation #government #people #process #technology


Jim has extensive experience in cybersecurity and the public sector, including as national intelligence manager of cybersecurity for the director of national intelligence. While working in the public sector for several years, he played both offensive and defensive cybersecurity roles. He is now working in the private sector as a Field CISO of the Public Sector.

Differences between Federal, State, and Local Governments

There are fundamental differences between the federal, state, and local governments, including funding, expertise in cyber warfare, and attack surface. Even the threat actors for each level of government are fundamentally different from each other. For example, the federal government tends to deal with highly sophisticated nation-state cyber-attacks, while state and local governments rarely see these types of attacks directly. This is primarily due to the cybersecurity preparedness of federal agencies compared to state and local governments.

Where the federal government primarily deals with attacks that gather data, compromise data or shut down assets, state and local governments tend to deal with ransomware attacks where data and infrastructure are held hostage. These attacks differ from the typical cybersecurity threats the federal government deals with daily and require different skill sets and cybersecurity positions.

The Cyber Talent Shortage

One common problem that all levels of government deal with is a need for cybersecurity talent. Most talent tends to move to the private sector, where salaries are higher. However, the federal government has attracted top talent through interesting “mission impossible” programs that appeal to people looking for challenging problems.

The same is not true for state and local governments, where financial resources are tighter and cybersecurity projects are less attractive to top cybersecurity professionals. This has left several state and local governments with a significant gap in cybersecurity talent and, consequently, vulnerable to cyber-attacks. Sometimes, local governments don’t have a strategic cybersecurity plan or a professional on staff.

The private sector is beginning to offer cybersecurity as a service for many of these local governments that need help finding and retaining talent in their organizations. These services include cybersecurity strategic planning, ransomware negotiation, cyber attack forensics, cyber threat detection, and cyber prevention technologies.

Ubiquitous Cyber Attacks

In the past, state and local governments rarely concerned themselves with physical attacks from other nations. However, because ongoing cyber wars between countries and states have no physical boundaries, there are times when state and local governments are collateral damage in these cyber battles. Often, targeted cyber-attacks from one nation against another have “gotten loose” and severely damaged state and local governments.

CISA has created regions to help state and local governments deal with cyber attacks that penetrate the borders of the United States. Additionally, state and local governments are beginning to share best practices, detected cyber attacks, and common vulnerabilities found in their infrastructure. Additional funding from the federal government is helping these organizations shore up their cybersecurity positions.

Critical Infrastructure Cyberattacks

One of the most concerning trends is the increase in attacks on systems that manage critical infrastructure, specifically power generation and distribution. Because the power grid comprises several private, state, and local government collectives rather than a centralized federal government agency, managing and protecting the nation’s power grid is complex and daunting. Larger organizations tend to have a better cybersecurity position than small municipal utility companies, which leaves the smaller utilities at risk of cyber-attacks. However, not all is lost in protecting our critical infrastructure, as organizations in these vertical industries share best practices for physical and cyber security.

Zero Trust Architecture

Jim and Darren agreed that the term zero trust architecture has been overused and has lost its impact as the private sector quickly adopted the term and attached it to everything dealing with cybersecurity. However, they both agreed that organizations must adopt zero trust principles to fully protect their valuable assets. These principles include verifying explicitly and continuously, using least-privilege access, assuming a breach, and automating context collection and response. These principles can be implemented through technology, process improvement, and training.

Podcast Transcript