County collaboration is key to overcoming the cybersecurity talent shortage
Upcoming Events
Related News
Key Takeaways
From Our Partners
This post is sponsored by our partners at Sectri.
In the United States, citizens depend on county governments to deliver many of the nation’s most critical services. These organizations play a crucial role in ensuring overall community well-being by managing essential services such as law enforcement, public health, infrastructure maintenance, and emergency response. Behind each of these vital services stands a team of information technology professionals entrusted with ensuring their security and availability.
Short-Staffed and Under Attack
Unfortunately, recruiting cybersecurity professionals presents a significant challenge as they are in short supply and command premium salaries. This shortage makes it increasingly difficult for even the most well-funded companies to secure the talent needed to effectively defend against evolving cyber threats. For county governments, which often operate with constrained budgets and limited resources, the situation is even more dire. These local governments struggle to compete in a competitive job market, where attracting and retaining skilled cybersecurity personnel is not only costly but often unattainable. As a result, counties face heightened risks and vulnerabilities, as they are unable to onboard the expertise necessary to safeguard their critical infrastructure and sensitive data from cyberattacks.
Partnering for Protection
In late 2023, several counties in the United States addressed the ongoing cybersecurity staffing challenge by forming an alliance to pool their resources and create a unified front against cyber threats. Since then, new counties are continually joining the alliance to collaborate with their peers and benefit from the collective insight, support, and expertise of the group.
Continuous Collaboration
Empowered by Sectri, a cybersecurity management platform, these counties are aligning to industry best practices and enhancing their cybersecurity resilience through continuous collaboration. Since counties face similar threats and vulnerabilities, working together allows them to learn from each other's experiences. The Sectri platform makes it easy for counties to stay in constant contact and assist one another 24x7x365.
Counties in the alliance also meet virtually every month to discuss hot topics and perform tabletop exercises based on current threats facing local governments. Hot topics are submitted anonymously by the counties themselves, allowing them to raise issues without the need to disclose their identity or acknowledge that a specific topic originated from them. This ensures comfort and privacy within the group which leads to more transparent and in-depth conversations.
The group has already met more than a dozen times and discussed over 20 topics, including:
- Best practices on securing connections to municipal partners
- First-hand lessons learned from cybersecurity incidents
- Cloud-based Albert sensors and Network Intrusion Detection Systems (NIDS)
- National Cybersecurity Review (NCSR) – County & Parish review
- Cyber Incident Reporting for Critical Infrastructure Act (CIRCA)
- Microsoft Extended Security Updates (ESU) – county pricing survey
- HIPAA compliance
- Disaster recovery planning
- Digital forensics and cyber insurance
- Policy approval and review
- Multi-Factor Authentication (MFA)
- System and data classification
- DMARC implementation
- Phishing scenarios
- Personal device policies
- Incident playbooks and runbooks
- Log management
In 2024, the alliance has committed to strengthening resilience against commodity malware such as ransomware. To accomplish this, each county is using the Sectri platform to manage and improve the maturity of 20 key cybersecurity controls specifically aimed at bolstering ransomware resilience. Since all members are focusing on the same 20 controls, collaboration comes easily.
Benchmarking to Identify Strengths and Weaknesses
One of the most valuable facets of participating in the alliance revolves around cybersecurity maturity benchmarking. Sectri enables each county in the alliance to assess and manage their own cybersecurity risks while also empowering the group to benchmark against one another with total anonymity. This means counties can see exactly how they compare to other counties when it comes to nearly 700 cybersecurity controls without worrying about revealing sensitive information. Instead, they gain valuable insights into their relative performance and identify areas for improvement based on aggregated, anonymized data.
Understanding how well one county is performing in comparison to others can be invaluable, especially when seeking assistance or justifying budgetary requests. It provides a clear benchmark for evaluating strengths and weaknesses, making it easier to advocate for additional resources or support based on tangible data and peer comparisons.
Join the Alliance
By working together, counties are achieving greater resilience and more effectively managing their cybersecurity challenges, despite individual resource constraints and the shortage of cybersecurity talent. Joining the alliance offers a cost-effective alternative to the status quo and maximizes value by leveraging the collective strength and expertise of counties across the nation.
Learn more about the Sectri Alliance by clicking here.
Post Sponsor
Related News
Courts ponder the constitutionality of the Universal Service Fund
The U.S. Fifth Circuit Court of Appeals ruled in Consumer’s Research v. FCC that the mechanism underlying the Federal Communications Commission’s Universal Service Fund is unconstitutional.
Secure our world by protecting county digital assets
Cybersecurity Awareness Month is a good occasion to note that protecting digital assets is a job for the entire county workforce, not just the IT department.
DHS announces new funding for the State and Local Cybersecurity Grant Program
On September 23, the Department of Homeland Security announced a new funding round for the State and Local Cybersecurity Grant Program.