CYBER SECURITY SOLUTIONS

State and Local Government

Protecting Digital Assets and Critical Infrastructure Against Growing Advanced Threats

Overview

State and local governments are responsible for a variety of services that impact the everyday lives of every resident. Critical infrastructure like roads, bridges, water and sewage systems, and public transportation is operated by state and local entities. Elections, even for federal offices, are administered locally. Driver’s licenses and other forms of identification are issued by the state government. And a vast majority of law enforcement personnel are employees of state and local entities.

As such, state and local governments represent an attractive target to cyber criminals, especially to nation-state actors looking to create chaos and sow discord by dismantling critical infrastructure. The fact that personal information from every resident can be found in state databases is of interest to cyber criminals seeking to sell that information on the dark web. Hackers can shut down the IT systems of local governments in order to extract ransoms from desperate entities. And hacktivists can wreak havoc with state and local government IT systems to make a political point.

Entities funded by taxpayers almost always operate on limited budgets and often maintain legacy technologies to cut costs. But many state and local governments have embraced digital technology to provide better service—and more transparency—to their citizens. As a result, innovative models of shared services between governments, innovation labs, and new approaches to Internet-of-Things (IoT)-enhanced public service are now on the agenda. While these advancements promise to improve customer service, public engagement, and community cohesiveness, they also make state and local governments an easier target for cyber attacks.

Andrew Govell

Head of Cyber Security Services

Industry drivers

Contractors and other third parties often have access to government-owned systems, and this introduces significant risk to state and local governments. As a result, authorising each login attempt becomes a key priority. But simply requiring a username and password isn’t enough — threat actors often gain their initial access to a network using stolen credentials from a third party.

To provide secure access in a world where trust is no longer automatic, a multi-layered approach is essential. Multi-factor authentication provides a much more secure way for authorised users to access network resources. Additional layers of verification must be applied to both users and devices trying to access network resources, and the network must be intelligently segmented to restrict each portion of the network to those who need to see it.

We provide these levels of verification as a part of an integrated security architecture. Identity and access management tools provide multiple checks for users, and network access control keeps track of devices that try to access network resources. Our user and entity behaviour analytics technology watches for anomalies in behaviour that might indicate compromised user accounts or devices. Presence analytics technology pinpoints where wireless devices were located when access was requested, and our deception technology lures adversaries into revealing themselves. Intent-based segmentation divides the network according to evolving business needs, ensuring that users have access only to what they need to do their job.

State and local governments now often seek to build an in-house security operations centre (SOC) to manage threat detection, analysis, and response. They also want their SOCs to deliver insights into optimal cyber security strategies for the future. Additionally, some state governments provide security operations as a shared service to individual state agencies and local government entities.

A SOC that delivers value in both security outcomes and cost-effectiveness must be powered by an integrated security architecture. This architecture needs to integrate broad protection, centralised visibility and control, and the ability to automate reporting and threat detection and response. For entities acting as a service provider to other agencies or governments, ensuring that the infrastructure is designed for multi-tenant use is crucial.

Our Security Fabric provides an end-to-end, integrated security architecture that supports comprehensive SOC operations for entities using the in-house or service provider models. Our next-generation firewalls (NGFWs) provide the foundation for this comprehensive architecture. Our threat intelligence platform provides real-time insight into new threats so that response can be timely. Security services like Advanced Malware Protection, antivirus, and web filtering can be accessed through several subscription bundles. Finally, our management and analytics tools provide centralised visibility, control, and reporting on the overall security posture of each entity being served.

State and local governments maintain thousands of miles of water mains, sewage systems, roadways, public transportation lines, and other critical infrastructure—many of which are controlled and monitored with Internet of Things (IoT) devices. These connected sensors and cameras geographically extend a government’s IT infrastructure, but also its attack surface. Like other critical infrastructure, these systems can be the target of cyber criminals and nation-state actors whose goal is operational disruption, economic losses for the community, or even loss of life.

Such infrastructure can also be subject to coordinated cyber/physical attacks. As a result, protecting the infrastructure requires an integrated approach to both cyber and physical security. Integration will become increasingly important as emerging facial recognition and weapons detection technologies come online. Adding voice communications to the integrated architecture improves operational efficiency and enhances security.

Our Security Fabric enables state and local governments to integrate cyber security, physical security, wireless networking, and voice communications infrastructures for comprehensive protection. Cameras, recorders, IP phones, voice systems, and wireless networking are all part of our Security Fabric. Analytics tools can provide reporting and analysis on this entire infrastructure, supplemented by presence analytics technology to identify where Wi-Fi users accessed the network. And network access control monitors and verifies all these devices to protect the network.

Even smaller local governments have multiple locations from which different kinds of services are delivered, and larger state governments can have hundreds or even thousands of associated facilities. Providing connections between these branches and the main IT infrastructure has historically required expensive multiprotocol label switching (MPLS) infrastructure that was difficult to scale according to fluctuations in traffic, and the increasing use of cloud-based services often results in latency.

In response to these problems, software-defined wide-area networks (SD-WAN) technology has proved a cost-effective, scalable alternative. SD-WAN enables network traffic to travel on the public internet. To keep such a network secure, the SD-WAN technology should ideally be integrated with the cyber security infrastructure—and with the networking infrastructure at the remote location.

Our next-generation firewalls (NGFWs) include highly secure SD-WAN technology, allowing network traffic to travel not only on the public internet but also over a virtual WAN (vWAN) within select public clouds. At the remote location, our SD-Branch solutions extend our Security Fabric to the access layer at each branch. This enables secure networking at branches—regardless of their size—and consistent security coverage from the internet, to the wireless network, to the switching infrastructure.

State and local governments are under constant threat from attacks that are increasing in volume, velocity, and sophistication. Manual threat response by overworked IT departments is no longer adequate. State and local governments need access to robust, real-time threat intelligence with automated response policies to combat both targeted and unknown attacks, including zero-day threats.

The professionals operating our threat intelligence platform collect data and information from a large global network of sensors, and have maintained an artificial intelligence (AI)-powered self-evolving detection system (SEDS) for many years. The SEDS has refined its algorithms using machine learning (ML), resulting in extremely accurate, real-time identification of unknown threats across the entire Security Fabric. Our Sandbox analysis and browser isolation tools provide additional layers of protection, and our Advanced Malware Protection service provides broad protection against malware-based attacks.

State government networks host extremely sensitive data, and that data is increasingly distributed across public and hybrid cloud environments. Many entities also host myriad Internet-of-Things (IoT) devices at a vast number of locations and have dozens of citizen-centric applications. As entities adopt more and more services across this distributed architecture, the default is to use the in-built cyber security tools offered by each public cloud provider. However, these solutions do not communicate with each other. The result is multiple silos in the security architecture, with significant manual work left to cyber security team members in reporting and threat response.

As state and local government networks become more complex and the threat landscape grows more advanced, it’s essential to simplify security architecture by achieving integration and consistent policy management across the infrastructure.

Our Adaptive Cloud Security solutions deliver this integration by providing a single-pane-of-glass view of the entire cloud infrastructure. They feature native integration with all major public cloud providers, broad protection to cover all elements of the attack surface, and management and automation features that enable consistent, timely threat detection and response.

Our key differentiators for State and Local Government

Integrated Platform

We deliver a flexible platform for building an end-to-end, integrated security architecture. This integration can span from a state or local government’s critical infrastructure to its public services, from the data centre to the endpoint to multiple clouds, and from physical security to voice communications to cyber security. It includes an open application programming interface (API) and Fabric Connectors to integrate third-party security tools.

Remote Location Networking and Security

We offer a comprehensive software-defined wide-area network (SD-WAN), networking, and cyber security infrastructure for branch locations and field sites that provides optimal security and improves network performance. Network traffic can securely travel over the public internet, helping state and local governments avoid the high cost of multiprotocol label switching (MPLS) connections.

Insider Threat Protection

Governments face especially high risk from third parties and insiders who perpetrate accidental and deliberate attacks. We deliver a comprehensive solution to guard against these threats with identity and access management tools supplemented by network access control, intent-based segmentation, deception technology, and user and entity behaviour analytics (UEBA).

Robust Threat Intelligence

Our threat intelligence platform delivers comprehensive intelligence from a large global network of next-generation firewalls, sandboxes, and an artificial intelligence (AI)-powered self-evolving detection system (SEDS) that has refined its algorithms using machine learning (ML) training for many years. We therefore have extremely accurate detection of new threats with almost no false positives.

Contact Us

To understand how CT can help you maintain government services and protect citizen data, speak to us today.