Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Cybersecurity as a Public Service: 3 Ways Local Governments Can Change the Conversation

Recasting cybersecurity as another essential public service, just like safety or water or electricity, can help local government leaders make the case for cybersecurity funding. Here’s how. 

There is a unique and often overlooked inverse relationship between the size of public sector government entities and the impact they have on the residents who make use of public services. This relationship creates a disproportionate burden on local governments, which may be small in size but have a large potential impact on the daily lives of their constituents. 

It is most often the local governments that are responsible for the delivery of essential services such as public safety communications, power generation and distribution, water treatment and waste removal. And, when such critical infrastructure is compromised by a cybersecurity event, such as a  ransomware attack, the lives of local residents are upended. 

In effect, the expanding modern attack surface appears to create a disproportionately larger “affect” surface as the size of the jurisdiction gets smaller. 

Cyber criminals don’t discriminate based on size when attacking government entities: any jurisdiction is fair game, from the largest federal agency down to the smallest city government. Because cybersecurity funding is very limited in local government, county and city officials should consider ways to increase public awareness of the need for increased investment in cybersecurity by tying it to existing public services that are fully supported and admired by constituents and to campaigns that will garner broad public support, such as reducing the “digital divide.”

3 Ways Local Governments Can Change the Cybersecurity Conversation

Here are three ideas for how local governments can change the dialog around cybersecurity to help constituents understand the importance of investing precious public resources in such efforts:

  1. Include cybersecurity as a key element of public safety. The cybersecurity budget line item in state government is less than 3 percent of the total IT budget, according to a 2018 study by the National Association of State Chief Information Officers (NASCIO); anecdotally, we hear that the local cybersecurity budget is often even less. Public safety is a much larger component of local budgets, in part because the public can see where their tax dollars are going in the form of more police officers and firefighters. Yet, cybersecurity is essential to keeping increasingtly internet-facing critical infrastructure safe and secure. It is a true statement that “cyber tools don’t rescue cats from trees,” so it is unlikely that they will ever be valued as highly by local taxpayers. But what if we spoke of cybersecurity in the language of public safety? For example, framing predictive prioritization of cyber vulnerabilities as an essential public safety measure — much like local governments justify the spending on tools like CompStat for law enforcement or SeeClickFix systems for community alerts — would demonstrate that public funds are being used as efficiently as those used to address violent crime and quality-of-life needs. 
  2. Make cybersecurity a community campaign. If public services go down then everybody suffers, especially the most vulnerable in society. Homebound seniors may see interruption in their remote medical devices if power is lost. Low-income residents may not be able to get to work if public transportation is interrupted. And a loss of public safety communications, such as 911 service, can lead to loss of life. All of these scenarios are acutely felt at the local level and will certainly affect a large segment of the population. Avoiding these interruptions is thus a community responsibility and can be used as justification to rally support for public campaigns to improve cyber hygiene and increase awareness of cyber threats. 
  3. Utilize cybersecurity curriculum in K-12 education in to shrink the digital divide. Internet of Things (IoT) and web-based applications to streamline service delivery are showing great promise but they also have the potential to widen the digital divide. Cities are making broadband access available to larger segments of residents but it may not be utilized equally by all. Promoting cybersecurity skills and tools in K-12 education can help close this divide by making cyber careers more accessible to a larger swath of the community, breaking down barriers of entry to IT careers and affecting multiple generations, as students instruct their parents and other family members on the importance of cybersecurity and the value of digital transformation.  

Helping residents understand the link between cybersecurity and the most basic public services is an important step in making the case for increased funding. These three ideas are one way for officials to begin the conversation and raise awareness of the importance of keeping critical infrastructure safe and secure.

Learn More 

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io

FREE FOR 30 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,275

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, email, community and chat support 24 hours a day, 365 days a year. Full details here.

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 30 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 30 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.

Try for Free Contact Sales

Try Tenable Lumin

FREE FOR 30 DAYS

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.