What Is Whole-Of-State Cybersecurity? – Tanium

No one can survive the current onslaught of cyber threats going it alone. With whole-of-state cybersecurity, you don’t have to.
Whole-of-state cybersecurity is an approach that emphasizes partnership among different levels of government, educational institutions, tribal entities, and other organizations in the public and private sectors to mitigate cybersecurity threats. By breaking down governmental silos, this methodology enables entities across an entire state to share cybersecurity resources and information to improve their collective security posture.
Over the past few years, state and local governments have faced an unprecedented level of cybercrime. Ransomware attacks on state and local governments increased 485 percent in 2020. Local governments pay a brutally high price: The cost of rectifying a ransomware attack, including the costs of resources, downtime, lost opportunity, and ransom paid, averaged $1.64 million in 2021.
Many of these public-sector entities don’t have the internal resources, knowledge, and skills necessary to head off their attackers.
Whole-of-state cybersecurity allows state and local governments and their partners to pool their resources and collaborate to fortify their defenses against ransomware, supply chain attacks, and other cybersecurity threats.
Whole-of-state defense is necessary today because of the increase in cyberattacks targeting state and local governments.
Typically, every jurisdiction handles its own cybersecurity with its own resources, but with varying levels of success. Differences in budgets, staffing, tooling, and so on can be determining factors in how successful a party is in fending off an attack. Given that a state’s different government entities are facing an expanding landscape of common threats, it makes sense for them to pool resources, share information, and work together to strengthen their digital defense.
There are four main steps to enabling whole-of-state cybersecurity. They are:
It’s important to follow a couple of best practices to ensure your whole-of-state approach is successful.
The first is to plan for long-term funding. While federal grant disbursements can supply a much-needed injection of cash for a fledgling project, they shouldn’t be relied upon to sustain the project over the long haul. Federal grants are offered on a time-limited basis, and once the funding stops, your whole-of-state efforts could stop along with it. Also, stakeholders will be less likely to participate in a whole-of-state cybersecurity plan, and support it with their resources, if it looks like it doesn’t have the funding necessary to be implemented effectively. It’s critical, then, to establish long-term state funding up-front.
The second is to have a collaborative attitude in your relationships with other entities. The best way to foster this attitude is to ask rather than tell other parties what they need. If you listen to their concerns and work together with them to find workable solutions, they’ll do the same for you. It’s this synergy more than any tool set or policy from which whole-of-state cybersecurity derives its effectiveness.
Whole-of-state strategies can be funded in different ways, but they are typically supported by federal and state outlays. Federal grants are a great way to jump-start whole-of-state initiatives. They can be used to get a project off the ground and prove out different tools and ideas that can expand as the project progresses.
It’s essential that states also commit funds to keep whole-of-state cybersecurity initiatives going. States must start looking at their IT systems as critical infrastructure that’s as important as their roads, power grids, and water supplies. The public sector is entrusted with a treasure trove of information and data that make its entities a prime target for cybercriminals. The state must recognize this and provide sustainable funding to make sure its IT systems are being secured in perpetuity.
There’s no one way to govern whole-of-state security. You can establish a formal committee, as Louisiana Gov. John Bel Edwards did when he created a 15-member cybersecurity commission that includes members from the state’s law-enforcement agencies, local governments, major industries, and public universities. Alternatively, you can take an informal roundtable approach where everyone has an equal say.
Whatever governing structure the whole-of-state initiative adopts, the goal should be to bring all parties together to share information and best practices, discuss concerns and issues, and make decisions collaboratively.
It’s important to understand that in a whole-of-state approach, one size rarely fits all. Not every tool and every policy will work for every entity. The group may decide on implementing a particular monitoring solution, for example, but one entity may be contractually obligated to use another. In this case, the group may agree that the outlying entity will continue to use its monitoring tool until the contract term expires and then switch over to the tool used by the rest of the group. The governance model the whole-of-state participants choose will determine how to address conflicts like these and the way to strategize for the good of the group.
Whole-of-state success can be measured in several ways. If your group has established a framework and agreed on key principles, that itself is an indicator of success because it means the parties have stepped out of their silos and are communicating with each other and working together well.
Once the group has implemented its agreed-upon policies and tools, success can be further measured by how many parties are using them. This can reveal how well the group is cohering around its plan. You can also measure the effectiveness of your whole-of-state initiative by traditional system metrics like uptime, mean time to remediate (MTTR), and the number of security incidents. These are important indicators that can signal success when they’re trending in the right direction.
While these are all important metrics, perhaps the most accurate barometer of whole-of-state success is how many people or entities are participating in the initiative. The larger the group, the more powerful the network you’re building because everyone is now working from the same page. Even if every group member isn’t actively adopting every policy and tool, they are at least participating in discussions and sharing feedback that helps bolster the group effort.
Relationships are the foundation whole-of-state is built upon, and the strength and effectiveness of those relationships are a reliable indication of the strength and effectiveness of your initiative as a whole.
The gathering and disseminating of information is critical for combating cybercrime. By sharing information, all stakeholders can improve their cybersecurity posture and, by extension, the collective security posture of the group.
Threat intelligence—aggregated and analyzed data that helps understand a threat actor’s motives, targets, and attack behaviors—is particularly important because it helps organizations make better cybersecurity decisions and shift from a reactive to a proactive security posture. Some threat intelligence data, such as malicious IP addresses and domain names, is easy to automate and can be found via free and open-source data feeds. Other types of threat intelligence, such as a threat actor’s motivation or behavior, require human resources and analysis.
One of the easiest ways for whole-of-state initiatives to receive and act on threat information is to take advantage of the Multi-State Information Sharing and Analysis Center (MS-ISAC). It’s an around-the-clock security operations center (SOC) that provides intelligence, detection, and response assistance to state and local governments.
Some of the benefits MS-ISAC offers include incident response and digital forensics services, a weekly report of top malicious domains and IPs, access to its Malicious Code Analysis Platform (MCAP), and access to the Malicious Domain Blocking and Reporting (MDBR) service, which blocks ransomware. Membership is free and open to employees or representatives of all state, local, tribal, and territorial (SLTT) entities.
A cyber command center formalizes whole-of-state principles and functions in a centralized hub. Arizona Gov. Doug Ducey recently launched his state’s cyber command center, which will operate as the headquarters for coordinating Arizona’s cybersecurity operations. It provides a centralized location from which cybersecurity professionals and local, state, and federal agencies can share information and prevent and respond to cyberattacks.
Whole-of-state starts by reaching out to other parties, fostering communication, and identifying common challenges.
While Arizona’s cyber command center is one of a kind, every U.S. state and territory has at least one fusion center. These entities are state and locally owned and operated, and they serve as hubs for communicating threat-related information across the federal government, SLTT entities, and private-sector partners. A fusion center may serve a major urban area or an entire state, and each is a vital resource that governments and their partners can lean on to support their whole-of-state initiatives.
Incident response in a whole-of-state model leans into outside services and organizations when necessary. When the Colorado Department of Transportation got hit by a ransomware attack, for example, the state’s IT leaders brought in the National Guard and its emergency management office and leveraged their cyber expertise and crisis-response skills, respectively. This allowed the parties to approach the problem with an organized battle plan rather than improvising a response.
The primary benefit of a whole-of-state strategy is increased visibility. Various sectors of government often face common threats but don’t communicate sufficiently for any of them to effectively combat them. Once they start sharing information, they have more data to act upon, which helps secure more assets, make better decisions, and respond to threats more quickly.
Another benefit is access to more resources. By pooling funding, parties can acquire a better class of tools, employ full-time rather than part-time roles, and make other cybersecurity improvements at no additional cost.
Whole-of-state enables municipalities to overcome workforce challenges through their partnerships with community colleges and universities. Texas, for example, recently created a regional security operations center (RSOC). Students in these programs get real-world IT experience monitoring complex systems using cutting-edge tools and gain a leg up when they enter the workforce after graduation.
The organization gains 24/7 coverage it otherwise could not afford and the confidence of knowing it has trained people actively watching over its systems. It’s another example of how whole-of-state benefits all involved parties.
States can develop their own whole-of-state strategy by taking the following steps:
Several states are embracing a collective approach to cybersecurity. Some of the more successful examples include:
The main lesson is that in a whole-of-state approach, you need to let people control their destiny. It’s tempting to tell people what they need to do to solve a particular problem or push them to use a specific tool because it’s best-in-class. But that will just result in poor tool adoption and policy compliance. Asking people what they need and listening to their feedback are key to fostering a collaborative environment and determining the ultimate success of your whole-of-state strategy.
Christopher Null is a veteran technology and business journalist with more than 25 years of experience writing for Yahoo, Wired, Forbes, and more. He was a top editor at PC Computing, Smart Business, and New Architect and was the founding editor of Mobile magazine.
© 2022 Tanium Inc. All rights reserved.

