Earlier this year, the Trump administration signed an executive order dictating that state and local governments should play a more significant role in national resilience and preparedness—including for cyber attacks.
State and local agencies are the frontline of defense for much of the critical infrastructure that underlies our daily lives, such as our utilities, healthcare systems, and more. For years, federal funding and programs have supported state and local cybersecurity programs in their battle against bad actors and evolving threats.
However, the recent executive order—combined with reductions in federal cybersecurity funding—represents a paradigm shift in how we protect the country from cyber adversaries.
At ThreatConnect, we believe that state and local entities have an opportunity to update and streamline their defenses to meet the executive order while improving the overall resiliency of our national cybersecurity.
What the Preparedness Executive Order Means for State and Local Agencies
The March executive order “empowers State, local, and individual preparedness and injects common sense into infrastructure prioritization and strategic investments through risk-informed decisions that make our infrastructure, communities, and economy resilient to global and dynamic threats and hazards.”
In practice, this means that state and local governments and related entities can no longer rely on the federal government to combat various cyberattacks, including nation-state attacks, ransomware, insider threats, and supply chain attacks.
Already, many state and local government organizations struggle with a lack of resources, varying degrees of maturity, siloed operations, and other issues related to building effective and resilient cybersecurity programs.
As a result, MS-ISAC published a report in February outlining priorities that state, local, tribal, and territorial organizations should focus on to strengthen critical infrastructure:
- Strengthen critical infrastructure resilience: Consolidate threat intelligence and improve national coordination.
- Enhance public trust: Improve education, transparency, and communication about critical infrastructure security.
- Support small and rural communities: Provide low-cost solutions and hands-on assistance for smaller entities.
- Eliminate insider risks: Use access controls, awareness training, and behavior monitoring to address insider threats.
- Invest in workforce development: Expand recruitment, training, and retention for cybersecurity talent.
These priorities remain relevant now more than ever. As state and local governments take the lead on cybersecurity operations, they’ll need to implement a highly resilient and scalable infrastructure on which they can build more sophisticated cyber operations.
How ThreatConnect Supports This Shift
With ThreatConnect, state, local, and tribal organizations can deploy the infrastructure needed to meet MS-ISAC’s first priority and the mandates of the recent executive order.
Here are a few ways ThreatConnect can help government entities enhance their cyber resilience with threat- and risk-informed defense:
- Consolidate threat intelligence to a single platform: With ThreatConnect’s Threat Intelligence Platform (TI Ops), states can harness the power of AI and automation to aggregate, enrich, and analyze all their intelligence in a single platform, enabling prioritization and action on the most critical threats. TI Ops can ingest a wide variety of threat intel sources, including those from state fusion centers, so that everyone benefits from the latest intelligence.
- Connect rural, local, state, and other entities: Eliminate silos and create strong defenses statewide by using ThreatConnect as a centralized platform for sharing threat-related information.
- Supercharge existing tools: Out-of-the-box integrations make it easy to integrate with and better leverage existing cyber defense systems, such as firewalls, endpoint detection systems, and SIEMs.
- Customize per local needs and regulations: Security leaders can customize their ThreatConnect instance to manage different use cases (from threat hunting to incident response), intelligence needs (e.g., providing read-only accounts for research), and more.
ThreatConnect understands that state, local, and tribal organizations don’t need another vendor; they need a partner. That’s why ThreatConnect’s customer success team works closely with customers to build out and maintain solutions that meet evolving customer needs.
Case Study: How One State Government Leverages Intelligence-Powered Operations with ThreatConnect
In 2023, a U.S. state government released a mandate to improve statewide threat intelligence and collaboration. Previously, it leveraged an open-source threat intelligence platform (MISP) and struggled with state member adoption (cities, counties, emergency services, municipalities, public works, etc.), large numbers of false positives, and ad hoc, fragmented processes.
The state government deployed ThreatConnect across several use cases, including to:
- Build a unified threat library.
- Manage incident investigation.
- Automate phishing analysis and response.
- Automate event prioritization and alert triage.
- Leverage intel-driven vulnerability prioritization and response.
- Streamline RIF handling, investigation, and response.
With ThreatConnect, the state now leverages intelligence-driven operations at speed and scale across its command center and statewide critical infrastructure services. Read more about how this state uses ThreatConnect in this customer spotlight.
Meet Today’s Mandates with Confidence
State and local agencies are stepping into a new era of responsibility in the fight against cyber threats. With ThreatConnect, organizations have an opportunity to get up to speed quickly and build a scalable, intelligence-powered cybersecurity program that meets federal mandates and protects the infrastructure millions rely on every day.
Want to learn more about how ThreatConnect can support your organization? Schedule a demo with us.