Cyber threats are a serious challenge that governments worldwide are dealing with every day. A cyberattack can cause breach of data or information, cost time and money to resolve or cause downtime impacting operations.
For the past 10 years, an annual CIO survey in the US has found cybersecurity to be the number one concern for state and local governments. In response, more and more IT teams are implementing more and more strategies to safeguard their data and information better.
It’s a similar story closer to home. Across all sectors – including public sector – 87% of Australian and New Zealand CIOs and technology executives told Gartner that cybersecurity would receive the largest increase in technology investment this year, “as greater regulation and threats expand leadership focus on security”. Australian governments – at all levels – have good reason to stay focused, with the sector experiencing 12 “malicious or criminal attacks” that resulted in data breaches in the back half of 2023 alone.
Against this backdrop, it is unsurprising that government departments, agencies and councils are looking to invest in capabilities and tooling that can act as ‘force multipliers’ for improving their protective coverage against cybersecurity threats.
Three ‘force multipliers’ for boosting cybersecurity in the sector stand out: adopting an out-of-the-box mindset when it comes to addressing the challenge; prioritising network security to enable safe and secure government service delivery; and establishing a ‘single pane of glass’ through which to manage environments, protections and policy settings.
Going Outside the Box
The first ‘force multiplier’ is being open and willing to pioneer new models and approaches to address the cybersecurity challenge.
This was on show at the recent Extreme Connect Conference in Texas, where the CIO of the State of Texas outlined a whole-of-state approach being taken to cybersecurity. Part of the strategy involves the establishment of regional security operations centres or RSOCs that provide security services, secure networking, education, outreach and incident response to local governments. An innovative part of the model is the RSOCs are a collaboration with universities, which also host them. This leverages staff, infrastructure and capability at universities, and also provides a training ground for a new generation of cybersecurity talent.
One of the points that was raised at the conference is the unique nature of the model in addressing cybersecurity challenges, particularly in the local government sector. The resource-constrained nature of local governments, combined with the breadth of services they provide and operations they manage, makes them particularly vulnerable to security threats and bad actors. The State of Texas example shows that thinking outside the box can be particularly advantageous when it comes to securing government operations.
Focusing More on the Network
Another ‘force multiplier’ for securing government infrastructure is in prioritising network security-related programs, initiatives and investments, in recognition of the critical role that networks play in digital government service delivery.
A solid network infrastructure is the foundation of many digital transformation initiatives happening in government today. As public sector customers look to tap into more self-serve online services for residents, manage distributed employee populations and manage increasing numbers of users, applications and devices, the network has become more strategic and mission-critical than ever.
To deliver modern public services and stay current while maintaining low costs and efficient operations, they require solutions that ensure robust cybersecurity, efficient application management, resilient infrastructure, insightful data analytics, and seamless cloud integration. Solutions include things like network Fabric, which connects the data centre. campus and branch and makes it simple for customers to hyper-segment the network to improve security, prevent lateral movements and minimise the potential blast radius of a lateral attack. These virtualised networks are inherently secure, with automated provisioning that eliminates nearly all manual configuration and the risk of network errors.
The network is the true foundation of a robust cybersecurity and risk management strategy. Everything touches the network; therefore, governments must have a strong network partnered with management tools that provide appropriate levels of visibility: to see what is happening within the network, to mitigate threats proactively and control who has access to what. This not only keeps critical information holdings safe but also enhances trust with citizens.
Being Able to See the Bigger Picture
Governments, by their nature, have distributed operations – whether that is due to the nature of service delivery functions, or the structure of agencies and departments. The ability to securely connect these disparate data centre, campus and branch locations using a single platform can act as a ‘force multiplier’ for cybersecurity teams insofar as it allows better management of this complexity through a ‘single pane of glass’.
This could take multiple forms. One such form may be Universal Zero Trust Network Access (ZTNA), which acts as a single identity-based zero trust policy engine for both networks and applications. One of the advantages of Universal ZTNA is that it offers unified visualisation and reporting for enhanced insight and simplified management of applications and devices, and the way those interact with networks.
Cloud technology can also be used to give IT teams better visibility into what is happening within their networks, which can help them identify threats sooner, improving their overall cybersecurity strategy. When IT teams can detect threats, they can often mitigate them sooner and prevent them from accessing information or causing network downtime.
