The threat landscape is evolving at a time when governments face a much wider attack surface. Hybrid work and expanded digital services have created a seemingly limitless perimeter. However, several emerging technologies — particularly AI and machine learning — will better equip governments to confront these threats and safeguard the valuable public information they collect.
A recent Center for Digital Government (CDG) survey of 103 state and local officials found governments face several challenges in executing an effective security strategy, namely a lack of cybersecurity skills among their workforce (46 percent), issues with integrating security tools (40 percent) and the inability to rapidly respond to threats (36 percent).
AI and machine learning can help governments address many of these challenges and lay the groundwork to for a more secure future.
CURRENT SECURITY AND COMPLIANCE CHALLENGES IN GOVERNMENT
The CDG survey found governments face a variety of security and compliance challenges, including legacy, unpatched and nonsupported networks that increase their exposure (35 percent of respondents); too many manual processes (21 percent); and limited enterprise visibility around the endpoints connecting to their networks.
Endpoints are one of the biggest challenges for governments. The traditional castle-and-moat approach is no longer feasible because of the growth of remote work and “connect from anywhere” requirements for employees and constituents, said Terence Jackson, a director and security technical specialist for state and local government at Microsoft.
‘The perimeter is essentially dead. Security has left the building and we have to operate at the speed of innovation and the cloud. Data and people no longer reside in a static location. Security is very fluid and dynamic now,’ Jackson said.
As the CDG survey found, the cybersecurity skills gap is also a significant hurdle for agencies. A lack of effective employee cyber training (34 percent), a rapid shift to digital tools and processes without adequate security funding (21 percent) and difficulty in securing executive-level support (13 percent) were among some of the other barriers government officials said prevented them from developing a more robust security strategy.
Even with these challenges, state and local governments can take several steps to strengthen their security posture in an era that will be defined by remote work and digital service delivery. AI and machine learning provide a pathway for modernizing security operations and preventing costly security incidents that could undermine governments’ resilience, and more importantly, the public’s trust.
BEST PRACTICES FOR BUILDING FUTURE-PROOF SECURITY OPERATIONS IN GOVERNMENT
Identify your security gaps
To develop future and AI-ready security operations, governments must begin by assessing their current security practices.
Kirk Lonbom, Microsoft’s director of public safety, justice strategy and solutions, said governments can start by evaluating their current security tools, since many of them likely aren’t being fully utilized.
“It really comes down to understanding your data, understanding your current security architecture and starting to look at vulnerability assessments,” Lonbom said.
Jackson suggests government organizations conduct a “pre-mortem” — akin to a tabletop exercise — to run through worst-case security scenarios and identify any gaps in their current operating model.
Agencies should also look at their existing IT resources and ask themselves whether they have the internal capability to respond effectively to threats. For most organizations, the answer will likely be no, and this is where automation will be most beneficial.
Assess your AI maturity
Governments should convene key stakeholders to formulate a plan for how they will reshape their security architecture to execute a holistic cyber strategy and integrate AI-driven security tools and tactics, such as automated identity and access management solutions and a zero-trust model. Governments will likely need to implement this model — which was identified as a key security strategy in the CDG survey — incrementally due to budget and resources constraints. Therefore, agencies will have to decide where to apply zero trust initially within their IT infrastructure to protect their most critical assets and maximize the value of this model.
Along with these security approaches, Gina Marie Hatheway, senior director and security lead for U.S. state and local government at Microsoft, said integrating solutions that are secure by design and employing an open, product-agnostic approach can help agencies automate, unify and better orchestrate the various security tools within their ecosystem, such as security information and event management (SIEM) and extended threat detection and response (XDR) solutions.
“An open approach allows for better integration. With telemetry from multiple sources, it enables better communication [between security solutions],” Hatheway said.
Bring IT and security teams together
As Lonbom says, security is not an IT problem. “It’s a business problem, and everyone must be bought in.”
Governments must bring their IT and security teams together to strengthen enterprise security. They can do so by using a unified data management platform, information-sharing tools or open XDR, and AI-driven security automation solutions that share data with one another — creating a single source of truth for enterprise data.
State and local governments should consider implementing a development security operations (DevSecOps) approach to enhance collaboration between these teams and ensure security is prioritized at every stage of the development life cycle. They should also create a formal, documented collaboration process that leadership supports and nurtures. In some organizations, this may mean network and security teams share tools, data, staff and budget resources. In others, it may mean creating joint task forces or tiger teams, or developing shared KPIs to align goals for IT and security teams.
Collaborate with a strategic partner
Hatheway says every organization is at a different point in their security journey, but the right partner will “understand where they are, where they want to go and help them along their journey.”
A strategic technology partner can bring more automation, visibility and efficiency to government security operations. The right partner also will offer solutions with integrated AI and machine learning capabilities that allow agencies to remain nimble as their threat environment changes.
Aside from cloud and AI-enabled products with built-in security, agencies should prioritize vendors that offer security expertise and a deep well of public-sector experience that will help them strengthen their security posture over the long term. Throughout this process, agencies should have an effective third-party risk management program in place and ask any potential partner about whether their company employs comprehensive security measures to reduce its own supply chain risks. Additionally, governments should take the extra step of thoroughly evaluating a partner’s long-term security road map and planned investments.
BUILDING MODERN, MORE SECURE GOVERNMENT
Over the last two years, state and local governments have had to rapidly adjust their security measures to confront unprecedented challenges.
While they did their level best, they now face an uncompromising threat environment that compels them to develop a more proactive security strategy. AI and machine learning can help governments better confront their current resource and technology challenges and introduce automation that allows them to build more modern and nimble security operations. But to get there, governments need to establish an AI-ready foundation now.
“We need to recognize that what we’ve developed because of the pandemic is our future, and we must be able to plan and prepare for it,” Lonbom said.
