The cybersecurity threats that have prompted wide-scale action to improve security across the Federal government are posing equal dangers to state and local governments, and officials said at FCW’s CDM Summit virtual event on November 4 that the same solutions being put into place by the Feds also are scalable and adaptable by state and local governments.
“Federal agencies spearhead cybersecurity efforts including CDM (Continuous Diagnostics and Mitigation program) guidance and research. But we’ve seen the majority of attacks aimed at agencies at the state and local level,” said Martin Stanley, Branch Chief for Strategic Technology at the Cyber and Infrastructure Security Agency (CISA).
“By having a large program, and through the purchasing power of the Federal government, we can offer solutions that these entities can then adopt,” he said.
Stanley added that cybersecurity guidance from CISA, in particular, is adaptable for state and local governments. He said the agency has continued to provide resources not just at the Federal level, but also at the state and local level to help agencies implement best practices and mitigate risks.
“[For example] we provide information on threats and vulnerabilities and how to remediate those as well,” Stanley said. “There are a lot of services that CISA provides. But the ability to drive developed capabilities and organize them in constructs that are effective at all levels is one of our biggest accomplishments through the CDM program specifically.”
Larry Hale, director for the IT Security Subcategory at the General Services Administration (GSA), added that GSA has continued to partner with CISA on the CDM program because it sets standards and provides capabilities not just to Federal agencies, but also to state, local, and tribal governments.
“GSA’s acquisition vehicles are open to state and local tribal and territorial governments so that even the smallest municipality has access to the Federal government’s purchasing power,” Hale said.
Hale also implored agencies that may be purchasing systems or software for zero trust architectures to not think of those strategies as steps to a destination. Rather he said, zero trust –like CDM – are constant journeys, and agencies at all levels need to think about the use of those technologies for the long haul.