Public safety cybersecurity slowly ramps up

Brownie Harris/Getty Images

Featured eBooks
The State of Trust in Government
Cybersecurity in State and Local Government
Building Data Literacy in the State and Local Workforce
By Stephanie Kanowitz,
Contributor, Route Fifty
 

Connecting state and local government leaders

By Stephanie Kanowitz

|

Technical debt is actually hampering cyber investment, increasing vulnerabilities and limiting interoperability, an IDC analyst says.

Vulnerability management, proactive threat hunting and next-generation firewalls are the top areas of cybersecurity investment for government agencies this year, according to an IDC report.

More than 1,300 people in federal, state and local government and public safety jobs responded to the “Government Buyer Intelligence Survey: Analysis of Trends in Cybersecurity in U.S. Public Safety Agencies.” It’s designed to help tech suppliers and government technology buyers, decision-makers and policymakers maximize benefits and services through sound investment decisions.

Those investment areas track with what respondents said are core drivers of purchases. For instance, about 36% said they are vulnerable because of legacy systems and outdated hardware and software, about 34% said leaders have made security a top priority and about 33% cited constituent concerns about security and privacy.

“Leaders don’t want to get called out on [vulnerability], and the fact that there’s huge constituent concerns around trust and service delivery, those are really what drive the vulnerability management,” said Alison Brooks, research vice president at IDC and report author. 

Threat hunting lets agencies identify new attack tools and tactics by actively searching out and analyzing dangerous activity on a network. Another top cyber investment, firewalls are foundational to basic security posture. (Gartner defines next-generation firewalls as deep-packet inspection firewalls that go beyond port and protocol inspection and blocking to application-level inspection, intrusion prevention and intelligence from outside the firewall.)

When asked where their agency is implementing identity management, endpoint security, network security, cloud security and a zero trust architecture, most respondents said they’re in the researching phase for all areas. Almost 40% of respondents said they were in full production with identity management, but the next closest area was network security at 20%. The amount of respondents who said they were in production but not enterprisewide or were implementing was at or well below about 20% across all areas.

“The most interesting finding was … the amount of technical debt that is hampering investments, particularly in cybersecurity but then also in data management and analytics,” Brooks said. “Basically, technical debt is when you’re using previous generations’ investments to limp along and do things that they’re no longer supposed to be delivering on.”

What’s more, technical debt hinders agencies’ ability to work across platforms and solutions. For public safety, that means it can get in the way of deriving situational awareness because much of the core operational technology – computer-aided dispatch and records management systems – is 15 to 20 years old, Brooks said. That complicates the use of modern technologies such as artificial intelligence and drones for, say, surveillance. 

About 40% of respondents said that less than 10% of their total operational budget is dedicated to reducing technical debt, and almost 60% said technical debt has a medium impact on their agency, increasing its risk profile and limiting abilities. In the public safety sector, technical debt is causing sizeable financial and personnel time losses, the report stated.

The report also found that more than half – 51% – of respondents said they develop cybersecurity capabilities in-house, while about 27% use third-party software developers and 15% use third-party services providers. At the same time, respondents said that the biggest factor inhibiting successful implementation of cybersecurity investments is a mismatch between what vendors promise and actual capabilities. Weak vendor partnerships and products with inadequate features and functions also topped the list.

“I think it’s a classic tension that exists out there” between vendors and agencies, Brooks said. “Public safety, in particular, is the vertical/sub-vertical that is the most likely to say that the vendor community writ large, not just in cybersecurity, does not understand the business of public safety.” 

One example is vendors who make touchscreens that are incompatible with firefighters’ gloves, she explained.

Another notable finding is the larger number of non-IT personnel getting involved in cybersecurity purchases. Specifically, the report found that about 56% of stakeholders in the process are still tech staff, but almost half are from legal departments and 40% are non-IT senior leaders.

“IT is only one piece of the security puzzle,” Brooks said. “There’s a growing understanding that you need to be able to train and enlighten the workforce…. Cybersecurity is a layer that has to be embedded into every single piece of technology. It’s got a pervasive, almost granular-like element to it, and I think that’s something agencies are starting to understand a little bit more now. I think the reason for that is we have so much technology at our fingertips in our phones and there’s a consumerization of IT -- just broadly speaking -- that is raising all boats to understand perils of cybersecurity.”

Stephanie Kanowitz is a freelance reporter based in northern Virginia.

NEXT STORY: Protect elections by prioritizing public awareness of cyber defenses

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.