Sponsored Content: The lack of competition between state and local governments gives them the unique position to share threat intelligence and data in a way the private sector cannot.
State and local governments have a leg up when it comes to strengthening their cybersecurity posture, says Peter Mosmans, an international private sector cybersecurity consultant and pen tester.
“Government collaboration is somewhat more different than the private sector,” Mosmans says on a StateScoop podcast. “You often have a competitive relationship and you don’t want to spill your proprietary information or any information, for that matter. Companies in the private sector are more hesitant to share that information, as opposed to the state and government level.”
Mike Hussey, the chief information officer of Utah, says on the podcast that his ability to share and partner with agencies makes his cybersecurity stronger.
Mike Hussey, Utah's CIO, and Peter Mosmans, a pen tester for Go Forward.
“When you have a cooperative of 50 states or even cities and counties joining together, you certainly get to share the intelligence that’s among all of those communities and level or raise the level of the boats in all of the harbor here,” Hussey says.
In his state, Hussey says he relies heavily on the Multi-State Information Sharing and Analysis Center — an initiative funded by the federal Department of Homeland Security and housed at the Center for Internet Security — to disseminate information to state agencies as well as local governments in Utah.
“We develop those relationships with the counties and the cities and begin to bond together and find improvement because of the synergy that happens between all of us together,” Hussey says. “You start to see a little more proactive approach because now you’re catching [things like ransomware] earlier in the process.”
For Mosmans, it’s that level of collaboration that gives the public sector an advantage. The private sector, however, has had the opportunity to cooperate more without necessarily sharing proprietary information.
“It used to be that only security professionals were the people that were actually invested in security and looking around for new knowledge and new intelligence,” Mosmans says. “People now more see the necessity themselves. It more becomes a shared thing as opposed to a specialized thing.”
On the podcast:
- Mike Hussey, chief information officer, Utah
- Peter Mosmans, lead pen tester and security consultant, GoForward
- Jake Williams, associate publisher and director of strategic initiatives, StateScoop
What to listen for:
- A 2012 “potential data incident” with a Medicaid system in Utah caused the state to take an introspective look at how it operates — and then strive for improvement, Hussey says.
- From the private sector side, companies have been encouraging consumers to connect devices to the internet much faster than we can defend it. Legislation and regulation around cybersecurity have not kept up with that, Mosmans says.
- Albert sensors — a derivative of the Department of Homeland Security’s Einstein cybersecurity defense project — monitor state and local government networks through the MS-ISAC to provide proactive intelligence alerts, Hussey says.
- In the private sector, Mosmans says he is seeing a greater interest in cybersecurity across organizations — not just with technology leaders.
- Hussey is working to organize the state’s cybersecurity resources into a cyber center to improve the state’s cybersecurity posture.
This podcast was brought to you by Pluralsight and produced by StateScoop.
Learn more about how Pluralsight can help you build a stronger cybersecurity workforce.