Cybersecurity is usually framed in terms of IT – from malware to phishing to ransomware, federal agencies are paying attention to securing their networks and endpoints. But leaders often overlook security measures for operational technology (OT) and industrial control systems (ICS), such as building automation systems, physical access control systems, physical environment monitoring systems, and implementing a zero trust architecture. In...

Much of cybersecurity is focused on protecting users’ identities and personal information. This approach has numerous benefits, not just for the individual users but for the systems with which they interact – it protects people from malicious activities such as identity theft, while it also cuts down on bad actors stealing credentials to enter IT systems and wreak havoc, from ransomware to data exfiltration. The National Institute...

In today’s digital world, IT modernization and cybersecurity are intertwined with delivering a vast range of state services to residents. According to the National Association of State CIOs, these were the top two concerns facing state governments in 2022. They are two reasons why the state of Florida in 2020 created the Florida Digital Service (FDS), to partner with all state agencies to deliver services. In a state that often faces nat...

The COVID-19 pandemic forced public sector agencies across the country to rely on their IT to deliver services to customers. The “forced evolution” of systems can be seen as a long-term benefit, but it also amplified the vulnerability of communities to potentially serious cyberattacks. For instance, the threat of ransomware continues to grow as cyber criminals target managed service providers, the cloud, and the software supply cha...

As part of the Infrastructure Investment and Jobs Act of 2021, Congress included $1 billion over the next four years for state, local and tribal governments to strengthen their cybersecurity. The Cybersecurity and Infrastructure Security Agency established the State and Local Cybersecurity Grant Program and the Tribal Cybersecurity Grant Program to distribute funds. The Federal Emergency Management Agency is responsible for administration and...

Our nation’s K-12 schools are data-rich, but often resource-poor. That combination makes them very attractive targets for ransomware attacks. The Multi-State Information Sharing and Analysis Center, part of the Center for Internet Security, just released a new report that 29% of its member organization reported being victims of ransomware attacks – and the rapid expansion of remote learning in response to the pandemic has only made...

Ransomware continues to be one of the single biggest threats to government networks, and IT professionals are increasingly worried about employees who work remotely ignoring security guidance and clicking on malware-infested links or attachments. Their concerns are justified, particularly with regard to highly evasive adaptive threats that target web browsers and take active measures to avoid detection by current-generation security. These att...

Government guidance on cybersecurity is gaining momentum but it's still unable to keep pace with current trends. Changes in how we work (such as remote working) and evolving cyber threats will continue to endanger state, local, tribal, territorial, and educational networks. Today’s threat landscape means that private and public sector organizations can no longer rely on their users or on detection-based security tools to protect their us...

Cybersecurity and digital privacy concerns permeate every aspect of government and industry, driving geopolitical decisions and determining how organizations battle ransomware. Cyber is a critical component in the Ukraine war and informs how the U.S. confronts China's global influence. And the need for digital privacy protections has lawmakers pushing for new technology regulations. In the face of these developments, the brightest minds from a...

Building the Cyber Environs: Tools, Technology and Workforce The shift to digital, cloud, AI and other technologies has given rise to a variety of cyberattacks with an alarming cost. Government and industry continue to face critical security and risk issues with increased cyber threats, supply chain and cloud vulnerabilities, ransomware, phising, stolen credentials and identities, new sophisticated attack approaches and other cyber-types of at...