Building Effective Cybersecurity Teams at All Levels (Industry Perspective)

What can state and local governments do to protect themselves against cyberthreats?

by John Zarour, Splunk / June 9, 2015

Cybersecurity is becoming an increasingly common topic of conversation across the public sector, and for good reason. Although high-profile cases like last year’s cyberattacks on HealthCare.gov and the U.S. Postal Service dominate headlines, cyberthreats are presenting a serious and growing risk to all government organizations at all levels.

And with recent attacks on the State Department and Department of Defense, state and local agencies are becoming increasingly concerned that cybercriminals might soon target their own networks – potentially exposing the personal data of both state employees and citizens. It was only a few years ago that the South Carolina Department of Revenue was hacked, affecting millions of residents.

On the whole, cybersecurity remains a top priority for state CIOs, according to the National Association of State Chief Information Officers (NASCIO). Despite this, little progress has been made in establishing cyberprograms -- so it is time for state and local IT leaders to take action and proactively address the issue.

At the federal level, teams of cyberexperts are being deployed to address specific types of threats. The Department of Justice, for example, has a team dedicated to investigating cybercrime.

Unfortunately, fewer resources and smaller budgets mean that few state and local agencies are able to make the same kind of targeted investment. So, what can state and local governments do to protect themselves?

Building State and Local Cybersecurity Teams

State and local governments need to start doing more to mitigate cybersecurity risks, and should have a response plan ready in case a breach does occur.

Agencies can begin by evaluating their own threat landscape and determining what resources are required to implement a successful cybersecurity program. While the specific security needs of states differ based on size and infrastructure, every agency should create an operations center equipped with the right personnel, the right processes and the right technology to effectively combat cyberattacks.

Many states are already beginning to assemble their own cybersecurity teams and create operations centers, albeit on a smaller scale than the federal government. Federal cybersecurity teams usually include an analyst, a forensic expert, a security architect and a malware engineer, each managing tasks related to their specialty.

Because state and local governments have less to spend on security teams, however, the key is making smart investments in personnel and technology. The focus should be on recruiting individuals with diverse skill sets capable of taking on different roles. This allows smaller teams to manage a larger scope of threats, and better secure agency networks and sensitive data. In short, versatility is critical to assembling a successful security team at the state and local levels. 

But it’s not enough to just have the right personnel. The security landscape is constantly evolving; new threats are being identified every day. Therefore, cyberteams should participate in regular training to ensure they are properly prepared to analyze incoming data and identify potential threats before an attack. Training is particularly important at the state and local levels, because teams are typically responsible for monitoring a wider range of threats. If an attack does occur, teams must be equipped to quickly identify the problem and respond accordingly. 

In addition to training, agencies should provide a “playbook” of best practices for identifying and handling emerging situations. A playbook will help cyberteams prepare for various security scenarios and can also be used as a training resource in the future.

The Right Technology Ecosystem

Building the right team and having regular training is essential, but an agency’s technological ecosystem also plays a substantial role in the success -- or failure -- of its cyberinitiatives. So what is the most effective approach? 

Effective cybersecurity initiatives require flexible tools and solutions that facilitate an integrated, community-driven response to issues. Cybersecurity is often thought of as purely a technological problem, but it is really a human issue that is addressed by technology solutions.

Today, state and local agencies are recognizing that all data can be used to support security and risk management. Agencies need solutions that have the versatility to pull data from multiple sources for both proactive detection and defensive threat mitigation. That information can then be shared across agency departments and deliver faster time to value.

It is important to realize that the federal government cannot provide a uniform cybersecurity template for state and local governments. There is no one-size-fits-all approach to cybersecurity because of the number of variables involved. It is the responsibility of state and local agencies to develop a customized approach based on their specific needs, resources, budget and missions. 

Former Secretary of Defense Leon Panetta recently told Congress that cybersecurity was “the battlefield of the future.” Now is the time for local and state governments to heed this warning and arm themselves with the skills and resources they need to win the fight against ever more frequent cyberattacks.

John Zarour is the director of state and local government and K-12 at Splunk.