Cybersecurity Awareness Month: A Year-Round Effort for States

How State and Local Governments Help Secure Our World

Twenty years after Congress declared October as Cybersecurity Awareness Month, much has changed, but not the need for broad collaboration to help us keep pace with the threats before us. As the global workforce becomes increasingly remote, dispersed and cloud-dependent, the attack surface for threat actors to target is greater than ever before.

Securing our world requires more than focusing exclusively on our national government and major corporations. We must secure our schools, hospitals, small businesses and first responders. Unfortunately, these newer targets rarely have the resources to keep up with these threats.

Unit 42’s 2023 Attack Surface Threat Report reveals that, as the cloud becomes the main way we work, 80% of exposures are in the cloud rather than on-premises. In state and local government, remote access services were responsible for 24% of such risks. For state and local governments and education institutions, the risk of exposures was at 45% and 31% respectively. The report also found that a quarter of exposures in educational environments, which have suffered attack after attack in recent years (i.e. St. Paul school district, Minneapolis public schools, New Haven school system), are attributable to insecure file sharing. This is a vital form of communication for students and teachers as classrooms transitioned online and away from submitting printed or handwritten work.

Through industry and government initiatives, efforts are increasing to help organizations with fewer resources to protect their systems and users. The Department of Homeland Security’s (DHS) State and Local Government Cybersecurity Grant Program (SLCGP) and forthcoming Tribal Cybersecurity Grant Program (TCGP) were designed to bridge this gap through funding, structured guidance and feedback. The SLCGP initiative will disperse $1 billion to U.S. states over four years, with a requirement that a minimum of 80% of the funds will “pass through” the state and go to local governments. The first year focused on the program’s first objective – developing and establishing “appropriate governance structures, including developing, implementing or revising Cybersecurity Plans, to improve capabilities to respond to cybersecurity incidents and ensure continuity of operations.” This year, with $374.9 million available to allocate, DHS directs recipients to the remaining three established objectives:

• Objective 2 – Understanding their current cybersecurity posture and areas for improvement based on continuous testing, evaluation and structured assessments.
• Objective 3 – Implementing security protections commensurate with risk.
• Objective 4 – Ensuring organization personnel are appropriately trained in cybersecurity, commensurate with their responsibilities.

Funding local cybersecurity protections is crucial to safeguarding our communities, but cybersecurity is complex and constantly changing. That’s why SLCGP requires states to submit concrete plans on how they’ll use the funds to advance digital resiliency and security. That requires them to engage experts for their insights, as well as encourages thoughtful strategic thinking and leads to investments in practical, useful tools and infrastructure leveraging modern technology, such as AI.

The one thing we know about the future is that our cyber world will continue to change. Yet, many organizations and government bodies are still playing catch up in the aftermath of our rapid transition to the cloud, remote work and learning, as well as machine-speed attackers. As we celebrate the 20th year of Cybersecurity Awareness Month, it’s clear that securing our world demands broader access to resources, knowledge and support, for everyone in our communities. Learn how to secure your school district and see how Palo Alto Networks is working to provide affordable cybersecurity solutions with our e-rate programs.