State and local governments have increasingly fallen prey to cybercriminals seeking to exploit often outdated technology systems and limited cybersecurity resources. Their vital role in delivering essential public services, coupled with the vast amounts of sensitive citizen data they store, makes them attractive targets. Attacks on government institutions not only disrupt crucial services but also compromise the personal information of countless individuals.
As nation-states and cybercriminals increasingly target state and local governments, the need for both practical cybersecurity strategies and collaborative federal and international-level intervention is clear.
This post dives into the driving factors behind the targeting of this sector at the state and local levels, the consequences these attacks pose, and what government entities can do to safeguard themselves from cyber threat actors.
Examining the Risks | Why State & Local Governments Are a Target
Too frequently burdened by limited security budgets, aging technology, and small IT departments, state and local governments have emerged as prime targets for cyberattacks.
From social security numbers to tax information and voting records, state and local entities operate as the storehouses for all sensitive citizen data within their jurisdiction. Since they provide such a wide array of public services, including healthcare, education, transportation, and public safety, they are an essential link between individual citizens and critical infrastructure of the private sector.
To complicate matters, state and local governments often rely on outdated, legacy technology and systems that remain susceptible to exploits of known vulnerabilities. With budget constraints and bureaucratic challenges, the lower branches of government struggle to manage core cybersecurity tasks such as timely updates and patches. It is also rare for local entities to have a team of cybersecurity specialists managing their systems – a small in-house IT staff is typically tasked with all IT matters, security included. Cyber attackers often see these institutions as soft targets with weaker defenses compared to organizations within the private sector.
Already strapped by a lack of funding and cybersecurity expertise, state and local governments further contend with massive volumes of sensitive data that are incredibly appealing to cyber criminals. Personal information, financial records, and even election data can be used for identity theft, fraud, and espionage.
Disrupting their operations can cause widespread chaos and stolen data of this nature is considered a hot commodity across the dark web. Attacks on government entities not only compromise individual citizens but can also be exploited for larger-scale campaigns, influencing political and economic outcomes in more extensive, future attacks.
The Challenge of Ransomware | How State & Local Governments Are Impacted
Ransomware has been around for three decades, but recent years have changed the public’s perception of how much a successful attack can affect their day-to-day lives. Prominent examples such as the attacks on Colonial Pipeline, JBS Foods, and more recent ones like the disruption of Dallas’s 911 computer system, water systems, and court services put a magnifying glass on just how widespread the aftermath can be for citizens. Beyond disrupting daily operations, attacks on local government entities can amass recovery expenses reaching millions, regardless of whether ransoms are paid or not.
A recent study found that ransomware attacks in both state and local-level governing bodies have increased again from 58% in 2022 to 69% in 2023. These numbers top the global cross-sector trend that tracks ransomware attacks at an average of 66%. Now at its highest point in three years, more than three quarters of all ransomware attacks are focused on the lower branches of government with the end goal being data encryption and theft by threat actors.
Taking a closer look, the stats show that the leading causes of these ransomware attacks stem from exploited vulnerabilities (38%), compromised credentials (30%), and business email compromise (BEC) at 25%.
Other Cyber Risks Faced By The Public Sector
Like many other organizations, state and local governments face a daily onslaught of phishing attacks. Cybercriminals craft malicious emails that leverage victims’ trust in official-looking communications. Given the decentralized nature of government structures, security awareness training is typically inconsistent across the various entities, making it easier for threat actors to trick privileged users into revealing sensitive information or launching malware.
Business Email Compromise (BEC)
State and local governments’ extensive networks and financial transactions present lucrative opportunities for threat actors running business email compromise (BEC) schemes. Cybercriminals impersonate officials to manipulate employees into transferring funds or sensitive information. The high level of trust among colleagues can make it challenging to detect fraudulent requests, highlighting the need for robust authentication and communication protocols.
Known Vulnerabilities In Unpatched Software & Outdated Code
Limited budgets and bureaucratic red tape often hinder the process for patch management in state and local governments. This results in unpatched and outdated code, creating a fertile ground for cyber vulnerabilities. Attackers exploit known weaknesses to breach networks and compromise data, taking advantage of the interconnected nature of government operations to reach more associated networks.
Building A Stronger Cybersecurity Posture In The Public Sector
For municipal-level governments, constrained financial resources frequently dictate limits on their ability to maintain their cyber defenses. With multiple vendors offering specialist tools to solve specific problems, a limited budget can soon become exhausted as inexperienced teams try to manage both technical debt and the rise in adversary tradecraft.
The public sector can take a leaf out of the private sector’s book to help manage the cybersecurity budget, choosing solutions that allow integration of existing tools and that offer a platform approach to securing the entire organization. Alongside delivering more ‘bang for your buck’, a consolidated approach reduces pressure on the IT or security teams, as there are fewer tools to learn and administer.
At the same time, leaders in state and government institutions responsible for allocating budgets are now being encouraged to follow the Biden-Harris administration’s lead in prioritizing cybersecurity as an essential service that must be delivered. The cost of failing to do so far outweighs the cost of consolidating multiple tools into a single platform.
It is also important to improve cyber hygiene to build up a stronger security posture. This can be achieved through a combination of up-to-date training, regular review of a security policy, and the use of a shared responsibility model that outlines the importance of security for all roles.
Leaders of state and local governments can action the following to improve their defenses:
- Create a Security Policy – Cybersecurity needs to be viewed as a shared responsibility rather than being relegated to IT teams. A trickle-down policy communicated by leaders can help employees adopt a digital security mindset.
- Implement a Patch Management Schedule – Ensure the prompt update of all systems, applications, and platforms to their latest versions on a regular basis. Follow CISA guidelines on known exploited vulnerabilities and leverage existing security technology to ease the pain.
- Understand the Importance of Identity Security – User accounts can provide points of entry for adversaries, and organizations need to think beyond traditional endpoint and network security to include protection of user identities. As a minimum this might include Identity and Access Management (IAM), but more comprehensive security should include Identity Threat Detection and Response (ITDR).
- Foster Cybersecurity Training Programs – A well-rounded cybersecurity training program equips employees with the knowledge and skills to identify and mitigate cyber threats such as spoofing, social engineering, malicious links, and more.
- Design a Cyber Disaster Recovery Plan – Cyber disaster recovery plans ensure quick and effective responses to cyber incidents and minimized downtime. Begin by conducting a thorough risk assessment, identifying critical systems and data. Then, develop a comprehensive plan that outlines roles, responsibilities, communication protocols, and recovery procedures.
- Establish Routine Data Backups – Having consistent backups helps entities recover more efficiently in the case of a cyber incident. Identify critical datasets, systems, and applications that demand regular backups. Then, select a secure, off-site storage solution and establish a well-defined backup schedule that accommodates any changes and updates to data.
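As an added example (not code from the original post), here is a small Python check of the kind the patch management step above calls for: it reads a catalog in the format of CISA's Known Exploited Vulnerabilities (KEV) JSON feed and ranks an asset inventory's unpatched entries so that items tied to ransomware campaigns and the most overdue CISA due dates are worked first. The feed sample, the inventory, and all CVE IDs, vendor and product names are constructed placeholders.

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed (real field names;
# the CVE IDs, vendors and products are placeholders, not actual catalog entries).
SAMPLE_KEV_JSON = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-0000-00001", "vendorProject": "ExampleVendor", "product": "Gateway Appliance",
     "dueDate": "2024-01-31", "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-0000-00002", "vendorProject": "ExampleVendor", "product": "Mail Server",
     "dueDate": "2024-03-22", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-0000-00003", "vendorProject": "OtherVendor", "product": "Office Suite",
     "dueDate": "2024-03-26", "knownRansomwareCampaignUse": "Unknown"},
]})

# Constructed asset inventory for a small municipal IT team: what runs where,
# and which KEV entries have already been remediated on that asset.
SAMPLE_INVENTORY = [
    {"asset": "vpn-gw-01", "vendor": "ExampleVendor", "product": "Gateway Appliance", "patched": []},
    {"asset": "mail-01", "vendor": "ExampleVendor", "product": "Mail Server", "patched": ["CVE-0000-00002"]},
    {"asset": "clerk-ws-07", "vendor": "OtherVendor", "product": "Office Suite", "patched": []},
]

def kev_exposure(kev_json, inventory, today_iso):
    """Match the inventory against KEV entries and return unpatched findings,
    ordered so the patch schedule works the riskiest items first: entries with
    known ransomware campaign use, then the most overdue CISA due dates."""
    today = date.fromisoformat(today_iso)
    # Index the catalog by normalised (vendor, product) for quick lookup.
    by_product = {}
    for v in json.loads(kev_json)["vulnerabilities"]:
        key = (v["vendorProject"].lower(), v["product"].lower())
        by_product.setdefault(key, []).append(v)
    findings = []
    for asset in inventory:
        key = (asset["vendor"].lower(), asset["product"].lower())
        for v in by_product.get(key, []):
            if v["cveID"] in asset["patched"]:
                continue  # already remediated on this asset
            due = date.fromisoformat(v["dueDate"])
            findings.append({
                "asset": asset["asset"],
                "cve": v["cveID"],
                "ransomware": v.get("knownRansomwareCampaignUse") == "Known",
                "days_overdue": (today - due).days,  # negative = still within the deadline
            })
    findings.sort(key=lambda f: (not f["ransomware"], -f["days_overdue"]))
    return findings

if __name__ == "__main__":
    for finding in kev_exposure(SAMPLE_KEV_JSON, SAMPLE_INVENTORY, "2024-03-25"):
        print(finding)
```

In practice the constructed feed would be replaced by a download of the live KEV catalog and the inventory by an export from the asset management or vulnerability scanning tool already in use.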
Conclusion | Ongoing Support To Protect State & Local Governments
In 2022, the Biden-Harris Administration committed to directing $1 billion in funding toward state and local cybersecurity initiatives over the next four years. The grant program aims to bolster the establishment of critical governance frameworks that will focus on pinpointing key vulnerabilities, determining mitigation strategies, and addressing cyber workforce recruitment needs, including the placement of qualified individuals like Chief Information Security Officers (CISOs), Chief Information Officers (CIOs), and Chief Technology Officers (CTOs).
This program is the latest example of a unified strategy between the Department of Homeland Security (DHS), the Federal Emergency Management Agency (FEMA), and CISA to provide the resources and cutting-edge technology that state and local governments can deploy to build a proactive defense against evolving threats.
Autonomous detection and response mechanisms play a vital role in this long-term program. Using the power of artificial intelligence and machine learning, advanced solutions like eXtended Detection and Response (XDR) can rapidly identify anomalies, unusual activities, and potential threats across vast networks. XDR solutions also give governments unrestricted visibility into their various systems, allowing for real-time responses to security events before they can lead to data encryption and critical infrastructure downtime.