Local government IT administrators: Inspect your whole IT infrastructure as you snuff out cyber-attacksLocal government IT administrators: Inspect your whole IT infrastructure as you snuff out cyber-attacks

Today, when cities and counties get hit with ransomware demands, the attacks are growing more sophisticated and harder to resolve, says Philip Swain, chief information security officer and vice president of information security at Extreme Networks, a provider of artificial intelligence (AI)-driven cloud networking and automation for networking, including for local and state governments.

“Bad actors are using more sophisticated tools and techniques designed to bypass the latest generation of security tools and are layering their attacks,” Swain explains.

He notes that governments are susceptible to multiple incursions. “As an organization is working through the first attack, it will be hit again. All this is designed to overwhelm the victim and increase the certainty of a ransom payment. At the same time, local governments are often facing a lack of budget for network upgrades and/or have small IT teams, which can mean they are more vulnerable to a potential attack in an increasingly risky environment. It’s becoming clear that building and maintaining a strong network infrastructure to support modernization projects is essential to mitigating this risk.” 

Swain says employee and citizen education are crucial to fighting off hackers and ransomware threats. “No matter how strong your infrastructure is, there is always a potential risk when it comes to humans using your technology and accessing the network. Social engineering remains one of the most effective ways for attackers to gain access to sensitive information or systems. Phishing attacks, where intruders send fraudulent emails or messages that appear to be from legitimate sources, are a common social engineering technique—and another reason employee/resident education and awareness are so important.”

Regarding staffer and citizen education, Swain concludes: “When people, particularly local government employees, are taught what to look for and how to avoid phishing campaigns, they can become an asset to the government’s security posture instead of a liability.”

He says it’s important that administrators have clear visibility into network activity, adding that cloud management solutions that give IT teams better visibility into user, application and device activity across the network are crucial if a local government is to have an improved security posture.     

“As many in the cybersecurity industry have said, you can’t protect what you can’t see. Even better are solutions that leverage AI to create a baseline of normal network activity and can flag potential anomalies to the IT team before they impact network performance. These management tools can dramatically increase even a small IT team’s ability to identify and respond to a potential threat, long before they would have been discovered manually.”

And yes, local government IT administrators can minimize cyber-attacks by keeping their networks secure with up-to-date infrastructure. Swain explains: “The network is the connective tissue of everything in a local government, from emergency services to Internet of Things (IoT) devices like body cameras for police to SCADA (Supervisory Control and Data Acquisition) systems that control critical civic functions like power and sewer systems.”    

Swain says many local governments are now relying on network fabric, which allows them to segment their IT networks. Through this product, cities can safeguard more sensitive parts of the network like those used for EMS communications from things like guest Wi-Fi access in a recreation center. The product also enables automatic roll-out of new security policies or configurations to network devices.

Cities and counties are vulnerable to cyber-attacks in several parts of their IT stacks. Some of the danger spots, says Swain, include weak spots in legacy systems, and out-of-date, unpatched and unmonitored technology solutions.

He explains: “Local agencies deal with an assortment of confidential information, including sensitive citizen data, and the risks that come with modernization have delayed digital transformation initiatives within the sector. This delay leaves agencies overseeing outdated systems and solutions, which can be an even bigger burden on IT/security teams as they are not properly equipped with the right tools to manage today’s threat landscape.”

A lack of visibility into the network can also be a problem, Swain says. “Network monitoring and management tools can allow the IT team to oversee access controls and mitigate any security threats as they arise.”

He adds that local governments can’t ignore the end-user and their ability to unwittingly introduce malware or a foothold for a malicious actor. “It’s all about education, education education. It’s a constant activity that needs to be a permanent part of any strategy.”

Swain urges local government IT administrators to fully understand their complete environment, not just from a core infrastructure perspective, but from a data and user perspective. “Do you know how the end-users, citizens and administrators are using your systems? When you have the data/application map, then you have a real understanding of your ‘network.’ The next stage is to understand what infrastructure touches and controls that network. With that understanding, governments should then start to evaluate to secure and upgrade their networks, infrastructure and processes. A modern technology backbone can better provide integrated security and capabilities compared to legacy government IT systems. That backbone not only supports cybersecurity efforts but also enables technology innovations to be built on top.” 

As an example, Swain cites the city of Milwaukee’s shift to a city-wide fiber backbone to manage resources across the city government’s 100 buildings. “The backbone enhances mission-critical services, strengthens government resilience and boosts operational efficiency.”

AI can be a great tool for security and IT operation teams, Swain says. “It offers the opportunity for InfoSec teams to become more productive, freeing resources to continue addressing the risks and threats that cities and counties face.” 

He cautions, however, that AI comes with its own set of risks. “Shadow AI is becoming a growing pain point for IT teams with the growing use of unmanaged/unauthorized AI tools popping up across organizations. IT teams need to ensure they have visibility into the AI tools they know are on their networks, as well as the additional AI tools that their employees may be interacting with to help minimize the risks that come with AI.”

OMNIA Partners, who sponsors this page, offers a robust portfolio of cooperative contracts in the public procurement space. The firm lists a number of cooperative contracts under the keyword “cybersecurity.”