Navigating the Evolving Threat Landscape: State and Local Governments Prioritize Cybersecurity in 2023
2022 was a noteworthy year for the technology sector, particularly as it relates to cybersecurity. The post-pandemic era of modernization exposed the fragility of U.S. public sector technology infrastructure and systems, widening attack surfaces and posing additional challenges for state, local and education leaders. We have witnessed the whole gamut of continually evolving security threats, including election security breaches, nation-state actors, threats to critical infrastructure, ransomware attacks, hacktivism and more. The threat landscape defining 2023 will require state, local and education (SLED) entities to shore up additional resources, enhance security training and workforce opportunities, take advantage of federally funded cybersecurity initiatives and bolster their whole-of-government approach.
On December 12, 2022, the National Association of State Chief Information Officers (NASCIO) issued its top 10 technology priorities for state CIOs, ranking cybersecurity as the top priority for the tenth year in a row. Echoing these sentiments, the association subsequently released its 2023 federal advocacy priorities on January 11, 2023, emphasizing a call to action for a robust bipartisan security strategy between state and federal government partners. The top four federal advocacy priorities are:
- Expanding and Strengthening the State Cyber Workforce
- Harmonize Disparate Federal Cybersecurity Regulations
- Ensure Responsible Implementation of the State and Local Cybersecurity Grant Program
- Continued Adoption of DotGov Domain is Essential
During 2022, state chief information officers (CIOs) consistently expressed the need to strengthen the state cyber workforce. Cybersecurity-related workforce concerns, ranging from insufficient staffing (including recruitment, retention, and talent shortages) to lack of funding and disjointed governance and strategies, have only increased SLED entities’ vulnerability to attacks. Post-pandemic workforce shifts highlighted a cohort of “aging out” U.S. public sector employees, evolving expectations of a younger generation of workers, the here-to-stay remote and hybrid work models, and the incorporation of Diversity, Equity, and Inclusion (DE&I) strategies. As the U.S. public sector transformation continues, decisionmakers tasked with overseeing network security will have to be innovative in their adoption of a forward-thinking and integrative cybersecurity strategy.
Ransomware attacks have been a consistent threat to the U.S. public sector, particularly for smaller state and local government entities, and are predicted to be of similar concern in 2023, causing disruption to critical services, sensitive and personal data, and infrastructure.
The role of the Chief Information Security Officer (CISO) has evolved over the last couple of years and now plays an integral part in the adoption of modernization and digitization efforts. As we continue to see the expansion of digital government services and accelerated U.S. public sector transformation, state CISOs will look to innovative technology solutions to bridge security gaps. For instance, many states are seeking out contracting opportunities with managed service providers to address common pain points and security shortfalls. In 2023, IT buyers understand that technology strategies incorporating cloud adoption, artificial intelligence-based automation tools, and secure architecture that utilizes development platforms, such as low-code/no-code software, are now a vital part of enterprise resilience.
Top-down federal initiatives and funding allocations in 2022 demonstrated a heightened sense of urgency for cybersecurity, which will most likely carry through to 2023 and beyond. In September of 2022, the Notice of Funding Opportunity for the much-awaited State and Local Cybersecurity Grant Program was released, dedicating $1 billion for cybersecurity over the next four years. The initial rollout of funding delivers $183.5 million for states, with 80% of that going to local governments and 25% going to rural communities. While it isn’t a large enough sum of funding to ensure significant movement at the government level, it continues to establish precedent for support from the federal government and can hopefully kickstart cybersecurity initiatives at the state and local level. States are currently in the submission process for their cybersecurity implementation plans.
In December 2022, the bipartisan fiscal 2023 omnibus spending agreement was passed and includes $2.9 billion for the Cybersecurity and Infrastructure Security Agency (CISA) and $1.6 billion for the National Institute of Standards and Technology (NIST), both incurring significant increases from existing budgets. We have also seen federal efforts to combat ransomware such as executive orders and Congress’ establishment of the Joint Ransomware Task Force, an inter-agency body aimed at decreasing the frequency and severity of ransomware attacks.
Aligning with NASCIO’s federal advocacy priorities, other areas of security focus for SLED entities will be continuation of the .gov site migration, which provides more security than alternative sites, and parity within regulatory guidance for data and security. States and localities are tackling cybersecurity issues through a “whole-of-state” approach, prioritizing robust communication channels amongst agencies and stakeholders, and establishing an all-hands-on-deck security strategy. Many CISOs are hoping to utilize federal funding and directives to enhance collaboration efforts between SLED entities and stakeholders through implementation of shared services models.
As we move into 2023, modernization and digitization trends will continue to define the citizen experience and the government’s transformation. Our nation’s threat landscape will remain a top concern as we strive to create a resiliency framework that can protect our critical infrastructure, data and institutions. Furthermore, the introduction of new state leadership this fall, accompanied by a federal push towards strengthening the nation’s cybersecurity posture, will provide a platform for the adoption of new and innovative cybersecurity technology solutions.
It is undeniable that government services are antiquated and unable to meet current demand without posing undue risk. In 2023, as efforts to strengthen the “whole-of-state” cybersecurity models persist, vendors will see demand for technology tools and solutions specializing in sound security measures, such as keeping operating systems up to date, software and firewall protections, securing a reliable backup system, cyber training for staff and testing for vulnerabilities, systemwide multi-factor authentication (including for remote work), continuous security monitoring, encryption, and cloud backup processes.
Post-pandemic requirements are now designed to box out tools and solutions that are inefficient, fragmented, and risky for the government enterprise over time.
About the Author:
Yvonne Maffia is the senior analyst on the TD SYNNEX Public Sector Market Insights team covering State and Local trends across the Public Sector.