Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

Cyber Exposure Meets Political Practicality

CyberScoop’s Opportunities for Improving Cybersecurity Visibility at State & Local Government Agencies is an outstanding summary of the current state of cyber preparedness in state and local government agencies. Like most survey summaries, it presents the results as cold, hard facts. It also, in some respects, is comparative, and in a way not unlike the study of comparative politics.  

In analyses of any subject related to IT in the state and local government sector, there are always unconscious comparisons to the private sector. The question many people ask when they encounter statistics related to state and local government is: “Why can’t the state (or city, or county) be run more like a business?”

The truth is that government – especially state and local government – can be more businesslike, but it will never be run like a business. The reason is political practicality.

There is one federal government, 50 state governments, 3,800 county governments and more than 18,000 local governments. As you move down that continuum, the amount of citizen (read: voter) involvement increases exponentially. Political practicality dictates that constituent issues be addressed with greater velocity as the size of the government entity gets smaller. This greatly affects the ability for government to address broader issues like cybersecurity. It also means that a greater proportion of the limited government funds are used to address the most pressing constituent issues, which leaves less for the IT line items.

Looking at the results of the recently released CyberScoop survey, Opportunities for Improving Cybersecurity Visibility at State & Local Government Agencies, through the lens of political practicality puts it in clearer context and suggests how the private sector can better assist state and local governments in improving their cyber hygiene and their Cyber Exposure posture. Let’s look at some of the findings:

“Half of state and local IT leaders face a shortage of skilled cybersecurity talent.”

Cyber analysts don’t put out fires, get cats out of trees or drive police cars and make arrests. The vast majority of city revenues go toward public safety. So, let’s put cybercrimes under the jurisdiction of the chief of police. This would certainly make it easier to request and appropriate funds. It would also make those jobs more attractive to those who want to work in local government to “serve and protect.” The private sector can create “weaponized” cyber tools for the exclusive use of local law enforcement.

“The findings clearly suggest a widespread, if not urgent, need for tools that can provide real-time situational awareness across a variety of networks.”

In the hierarchy of IT funding in state and local government, tools are always going to be underfunded because they don’t involve people doing things. It’s that simple: Local constituents see people – “feet on the street” – as the solution to local issues. Creating SaaS applications that minimize investments are critical to correcting this under-investment. Cooperatives of states or cities throughout a region are common, and a “cyber cooperative” would be a logical extension of that concept. For example, Southeastern Georgia has a “Cybersecurity District” that allows governments to pool cybersecurity resources.

“Adding to that challenge is the lack of control those officials have over systems and devices operating beyond their security infrastructure, including third-party contractors.”

Political winds change often, especially when new administrations come in with mandates to address specific issues. This often leads to IT builds that are purportedly “platform agnostic,” but also “disintegrated.” This “disintegrated” set of solutions creates an expanded cyberattack surface by increasing the number of patches and upgrades necessary to ensure compliance with standards. Suggesting a “cyber integrator” model that provides both tools and professional services to address this concern would be a breakthrough for local CIOs, especially. Adding the need to integrate – in advance – each new IT initiative with existing Cyber Exposure tools and approach would be a game-changer. It would likely require statutory or local ordinance enforcement, but it would create consistency in the ever-changing political landscape.

For a full look at the survey results, download the CyberScoop report today.

Related Articles

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training