State and local partnerships boost efforts to combat cyber risks

Collaborative initiatives among state and local governments, aided by industry partners, are giving agencies increasing ammunition to combat cyberthreats, according to a veteran IT expert.

The growing level of cooperation reflects, in part, a shared need to overcome continuing shortages in technology workers — and cybersecurity expertise in particular, says Allan Wong, director for U.S. public sector at Tenable. By joining forces, state and local IT leaders are also able to share technology capabilities and conserve budget resources.

“The increase in automation and solution capabilities that allow agencies to do more with existing resources will become increasingly important,” he says. In addition, the increased collaboration is helping to accelerate “risk-based vulnerability management approaches, that build on predictive prioritization [of threats] from your endpoints to your networks and to your hybrid data centers.”

Wong discusses how the changing threat landscape has fostered these partnerships in this podcast, produced by StateScoop and underwritten by Tenable:

Collaboratively fighting cyberthreats

“Treating cybersecurity defense as a team sport is a trend that will continue to grow. When it comes to protecting critical infrastructures, advocates of these approaches have pointed to a strong culture of cooperation between many levels of government, as well as private sector stakeholders,” Wong says.

The move towards collaboration “is really being driven by the realization that all levels of government are facing the same common threats,” Wong says. “The more connected and coordinated we are in our response to these threats will really improve our effectiveness and efficiencies. This approach also produces increased level of flexibility and sharing of resources to focus on immanent threats, regardless of the specific agencies that are being targeted.”

A few states that he has noted are taking this collaborative approach to cybersecurity are Texas, Louisiana, Virginia, North Carolina and North Dakota.

Advice for leaders just getting started

“Whole-state approaches avoid reinventing the wheel in the way government agencies respond to threats. So, learning from other’s experiences and setting up your program can be a valuable time and money saver as well,” Wong says.

He shares three ways agency leaders can begin building a collaborative cybersecurity effort:

• Talk to peers who have implemented similar programs to determine which one that really fits the organization best.
• Seek input and assistance from industry associations like the National Governor’s Asscociation’s Cybersecurity Academy, or NASCIO.
• Lean on the vendor community and ask for help, because in working with government agencies across the nation, they can provide a unique perspective.

Improving the measure of cyber risk

Wong explains that legislation currently in the House and Senate aims to make the federal Continuous Diagnostics and Mitigation program available to state and local agencies. The program provides direction for inventorying security assets and potential areas of risk. If that passes, Wong says, “risk scoring capabilities in the CDM dashboard initiative will become a more critical part of the state and local government solution and toolkit.”

“While something on the scale of CDM dashboard might seem out of reach, implementing a solution that delivers actionable risk scoring does not require such a massive undertaking,” he says.

Allan Wong has over 20 years of enterprise hardware, software and security experience. He’s held senior leadership positions at Dell EMC, BMC Software and other tech firms before joining Tenable — specializing in the IT needs of federal, state and education accounts.

Listen to the podcast for the full conversation on joining forces to respond to cyberthreats. You can hear more coverage of “IT Security in Government” on our StateScoop radio channels on Apple Podcasts, Spotify, Google Play, Stitcher and TuneIn.

This podcast was produced by StateScoop and underwritten by Tenable.