North Carolina partners with Tanium to strengthen state cybersecurity
North Carolina’s Department of Information Technology announced Thursday that it has selected Tanium as the statewide endpoint management and cybersecurity platform for SecureNC, the state’s collaborative cybersecurity program that provides resources and guidance to state and local agencies.
According to the Thursday announcement, Tanium will help consolidate the state’s management and security operations on a single platform, with real‑time data and automated investigations of security threats. The voluntary initiative will roll out in phases across local governments, higher education institutions and other public entities.
For state Chief Information Security Officer Bernice Russell-Bond, the partnership is part of a broader effort to shift North Carolina’s cybersecurity from reactive to proactive and, more importantly, accurately reflect the current threat environment with the emergence of artificial intelligence tools.
“We all know with the development of these frontier AI solutions that they are going to help people in a cyber field, but they’re also used by our adversaries,” Russell-Bond told StateScoop in an interview this week. “And that’s going to allow them to not only identify vulnerabilities faster, but to try to exploit them faster, too.”
The state has already piloted the program with several local entities and reported more than a 40% improvement in cybersecurity posture among participating organizations after 60 days, according to Russell-Bond, who said the tools also helped improve its patch management cycle — shrinking remediation timelines from monthly cycles to less than 10 days.
“We’re patching as soon as we get a vulnerability and get that patch tested,” Russell-Bond said. “We’re cutting in half or more the time span that an adversary can exploit us.”
Russell-Bond, who’s been the state CISO for over a year, said one of her first priorities after joining NCDIT was assessing cybersecurity maturity and coverage across state agencies and local jurisdictions. She said she discovered staff shortages and resource constraints, where a single employee may be responsible for IT operations, cybersecurity and other technology functions.
“You just don’t have a whole team of IT experts in your cities and your counties,” Russell-Bond explained. “It may be one person doing 10 completely different functions.”
Russell-Bond said the need for stronger cyber defenses is particularly important given North Carolina’s economic and strategic significance, pointing to the state’s financial sector, research institutions, military facilities, ports and universities as factors that make it a “high-value target” for cybercriminals.
Charlotte, the most populous city in North Carolina with more than 940,000 residents, is the second largest banking center in the U.S., outside of New York City. The state also boasts nine active military facilities across the Army, Air Force, Marine Corps and Coast Guard, including Fort Bragg and Camp Lejeune.
In addition, the state capital Raleigh is home to the prestigious Research Triangle — a technology, biotech and academic hub spanning the universities of Duke, North Carolina-Chapel Hill and North Carolina State — that, according to Russell-Bond, houses a lot of “intellectual property bad folks want to get their hands on.”
“Cyber criminals look for targets where they can cause disruption and we have a lot of avenues where [a cyberattack] will cause a lot of disruption,” Russell-Bond said.
Though participation is voluntary, Russell-Bond said counties, cities, libraries, educational institutions and healthcare organizations have already expressed interest in joining the initiative. She said NCDIT plans to continue outreach and onboarding efforts throughout the summer as it works to expand cyber protections across the state.
“At the end of the day, it’s my data too, right? Because I live here,” she said.
