7 Ways State CISOs Can Go Bold for Cybersecurity
Before joining SHI, I served as the CISO for the State of Indiana at a time when the state’s counties operated independently and faced crippling IT staffing shortages. When our agency was approached to evaluate opportunities to fortify election office technology, a bold idea emerged.
By using Help America Vote Act (HAVA) funds, we could provide all 92 counties with next-generation cybersecurity technology and services at no cost for three years. Ultimately, Indiana used HAVA dollars to fund a 40-month contract for preventing and detecting security incidents. They could also bolster response capabilities by investing in a 24/7/365 Security Operation Center services by a top-tier manufacturer.
Now is the time to go bold
Last year’s American Rescue Plan Act (ARPA) allocated resources for government leaders to take a more strategic and comprehensive approach to cybersecurity – and President Biden’s executive order to improve the nation’s cybersecurity (Exec. Order No. 14028, 2021) calls for new standards and requirements that affect states.
These federal mandates and grant funds make this the ideal time for states to pitch unconventional projects that will strengthen their security posture and set them up for long-term success.
Here are seven recommended ways State CISOs can go bold to build out their cybersecurity environments:
- Modernizing statewide legacy systems and devices
Upgrading aging technology can provide quick wins by increasing visibility into cyber threats and reducing risks. Replacing old server infrastructure or applications that use insecure code and outdated protocols can be expensive, but not doing so can cost more. SHI offers a five-step approach to desktop modernization that enables you to react quickly to change while maintaining high security standards.
SHI facilitates purchases through 650+ contract vehicles and cooperatives and can help identity best pricing and ensure procurement compliance for your organization.
- Implementing components of a Zero Trust Architecture methodology
While few organizations can ever achieve true 100% Zero Trust Architecture, you can make progress with incremental changes that build a foundation of stringent identity management, verification, and security. At SHI, we conduct Zero Trust briefings and workshops to help public sector organizations move closer to their goals.
- Purchasing new hardware and software to protect critical infrastructure
Implementing solutions such as next-generation firewalls can increase visibility and reduce the Mean Time to Respond (MTTR) significantly for cybersecurity incidents, which results in lower risks and greater cost savings.
SHI can work with your team to build an effective plan for your ARPA funding so you make the most of every dollar.
- Accelerating your journey to the cloud
Transferring data to the cloud can enable simpler secure infrastructure builds, automated compliance validation, and automated security checks. SHI can help state CISOs optimize their environment, move applications, secure the cloud, and more.
- Adopting more robust Identity and Access Management (IAM) solutions
Identity and Access Management (IAM) is now among the most critical components of a cybersecurity strategy – and the crown jewel for an attacker trying to compromise your environment. With that in mind, capabilities such as Single Sign-On and Multi-Factor Authentication should be mainstays. Your IAM strategy should also include more advanced items, such as privileged access management, lifecycle management, business-to-business authentication, business-to-consumer/citizen authentication, and a consolidated directory.
- Increasing training and education
Conduct shorter but more frequent employee training sessions in cybersecurity (think at least once per month). But don’t stop at the state level. Encourage your counterparts at the local level to leverage a state contract for reduced pricing on training. Don’t have the in-house expertise to create and launch a cybersecurity technical training environment? SHI can help.
- Creating an executive council for cybersecurity
Opportunities abound for states to collaborate and find strength in numbers. Look to establish partnerships with the private sector and possibly your state university system to share intelligence and resources.
Whichever direction you choose, your bold ask has the best chance to gain approval (and funding) if it aligns with the state’s overall security strategy, supports the state’s IT roadmap, and ties back to mandates in Executive Order 14028.
Moving from ask to action
At SHI, we partner with state technology leaders to assess and prioritize cybersecurity needs, determine requirements and options, and validate that the technology selection matches the desired outcome(s).
Unsure of where or how to look for funding? SHI’s public sector grants team can identify potential funding sources for bold new initiatives. It’s time to discover what’s possible for significantly improving your state’s cybersecurity effectiveness.
Contact your SHI account executive today or visit our Public Sector Grants Program website to learn how we can turn your audacious ask into reality.