State and local governments have a leg up when it comes to strengthening their cybersecurity posture, says Peter Mosmans, an international private sector cybersecurity consultant and pen tester.
Government collaboration is somewhat more different than the private sector, Mosmans says on a StateScoop podcast. You often have a competitive relationship and you don’t want to spill your proprietary information or any information, for that matter. Companies in the private sector are more hesitant to share that information, as opposed to the state and government level.
Mike Hussey, the chief information officer of Utah, says on the podcast that his ability to share and partner with agencies makes his cybersecurity stronger.
When you have a cooperative of 50 states or even cities and counties joining together, you certainly get to share the intelligence thats among all of those communities and level or raise the level of the boats in all of the harbor here, Hussey says.
In his state, Hussey says he relies heavily on the Multi-State Information Sharing and Analysis Center an initiative funded by the federal Department of Homeland Security and housed at the Center for Internet Security to disseminate information to state agencies as well as local governments in Utah.
We develop those relationships with the counties and the cities and begin to bond together and find improvement because of the synergy that happens between all of us together, Hussey says. You start to see a little more proactive approach because now you’re catching [things like ransomware] earlier in the process.
For Mosmans, its that level of collaboration that gives the public sector an advantage. The private sector, however, has had the opportunity to cooperate more without necessarily sharing proprietary information.
It used to be that only security professionals were the people that were actually invested in security and looking around for new knowledge and new intelligence, Mosmans says. People now more see the necessity themselves. It more becomes a shared thing as opposed to a specialized thing.
On the podcast:
- Mike Hussey, chief information officer, Utah
- Peter Mosmans, lead pen tester and security consultant, GoForward
- Jake Williams, associate publisher and director of strategic initiatives, StateScoop
What to listen for:
- A 2012 potential data incident with a Medicaid system in Utah caused the state to take an introspective look at how it operates and then strive for improvement, Hussey says.
- From the private sector side, companies have been encouraging consumers to connect devices to the internet much faster than we can defend it. Legislation and regulation around cybersecurity have not kept up with that, Mosmans says.
- Albert sensors a derivative of the Department of Homeland Security’s Einstein cybersecurity defense project monitor state and local government networks through the MS-ISAC to provide proactive intelligence alerts, Hussey says.
- In the private sector, Mosmans says he is seeing a greater interest in cybersecurity across organizations not just with technology leaders.
- Hussey is working to organize the states cybersecurity resources into a cyber center to improve the states cybersecurity posture.
This podcast was produced by StateScoop and underwritten by Pluralsight.
Learn more about how Pluralsight can help you build a stronger cybersecurity workforce.