SLED Cybersecurity Opportunities: The “Whole-of-State” Approach

By Rachel Eckert, SLED Market Intelligence Manager

Cybersecurity incidents increase every year, and state, local and education entities are struggling to respond in the face of limited funding and resources.

As I talked about in a recent virtual event, that response is taking the form of a synchronized “whole-of-state” approach to state and local cybersecurity initiatives. In this approach, all stakeholders – state IT, national guard, local law enforcement, local government and schools – are pulled together to develop a cohesive and coordinated response plan. The plan leverages state services, such as incident management, awareness and training, forensics, use of the security operations center and vulnerability management.

The potentially good news here is that additional federal funding may be coming to help states and local governments tackle cyber issues. The House has passed the State & Local Cybersecurity Improvement Act. If enacted as law, this measure will provide some $400M per year for states to coordinate with local governments on a cohesive security plan and response strategy, and to support upgrades to state and local systems.

Here are just a few categories of opportunities to consider, in this new era of SLED cybersecurity:

Protecting IT Systems

Technologies here are typically focused on providing threat prevention, access control, and data security. (Access control in particular is a major gap identified by state audits.)

A key example in this category is from the State of North Carolina for Comprehensive Integrated Cybersecurity Solutions. An RFP is expected in early 2021, in which the state will look for an end-to-end solution to protect the entire education ecosystem. The opportunity comes from the Department of Public Instruction on behalf of all K-12 schools in the state – again as a move toward “whole-of-state” thinking.

Over the next few years you’ll start seeing more comprehensive security solution opportunities. For now, the opportunities will likely be smaller in scope, perhaps encompassing only state agencies or state-funded higher education institutions.

Detecting Security Vulnerabilities

The technologies in this category focus on continuous monitoring, detecting anomalies and application monitoring.

The State of Oregon, for example, is looking for a web application security testing solution for the state’s Clean Vehicle Rebate program. The opportunity includes a review of the systems vulnerabilities, penetration testing and an overall security architecture review.

What precipitated this initiative was Oregon’s rapid transition to remote work, which increased traffic on online systems and uncovered some potential vulnerabilities. As governments increase their use of online systems to compensate for their inability to handle in-person citizen requests, you’ll find more states and localities taking a closer look at the security of these systems.

Mitigating Security Incidents

Technologies here typically include incident response, forensic remediation, threat mitigation and continuity of operations. One example here comes from New York City’s Cyber Command. This group is seeking support for on-site or remote response support for remediation and restoration. This likely points to the sheer size of the New York City enterprise and, consequently, both staff and budget shortages. The city will depend on the speed and expertise of the vendor community to help remediate and restore their systems as quickly as possible.

Conclusion

As you pursue these and other opportunities, remember that state and local governments will need vendor assistance because they lack the skills and personnel to adequately perform many tasks in-house. As you engage at the state level, position your solution as one that can scale across state agencies while also supporting local governments.

Most importantly, however, become a key part of the “whole-of-state” approach. That means partnering and aligning your company and its products or services with the organization for the long-term, rather than a single contract win. Seek out opportunities to participate in state-based committees. By establishing your company as an industry expert knowledgeable in the “whole-of-state” philosophy, you’ll be on the short list to call when the need arises.

This blog is adapted from a recent webinar I recorded for Arrow Technology Summit, “The Ever-Evolving SLED Security Landscape.” You can register and view the on-demand version here.

Keep on top of IT trends in SLED. Subscribe to immixGroup’s Government Sales Insider blog now!