Feds plan new 'secure-by-design' guidance

The nation’s cyber defense agency is continuing to drive a major effort to shift security responsibilities from users to software providers.

As cyberattacks grow, cyber insurance is increasingly out of reach for many municipalities

Experts caution that governments need to recalibrate their cyber risk management approaches by emphasizing employee training and taking a whole-of-state approach.

States ramp up software security standards amid growing threats

Collaboration among states to tighten the security of cloud software is increasing under the nationwide program StateRAMP. Meanwhile, Texas is embracing its own certification effort after several high-profile cyber incidents.

Feds prioritizing on-site K-12 cybersecurity reviews this school year

The nation’s cyber defense agency is aiming to work with schools “where they’re at instead of where they should be.” 

The fallout from the MOVEit hack continues as more agencies announce breaches

A Colorado health department said recently more than 4 million patients’ data had been accessed. But the real challenge awaits state and local governments as they look to patch vulnerabilities before more criminals exploit them.

Cyber grant program gets a big funding boost

Nearly $375 million, or double the amount of money as last year, has been allocated to a federal initiative looking to help state and local governments address cybersecurity risks.

Fighting election denial one community at a time

With the presidential election more than a year away, one former state senator is traveling across Wisconsin to prepare local election officials for skeptical voters by educating them on election processes and technologies.

An underused approach to fighting cyberattacks

The Multi-State Information Sharing and Analysis Center offers free services to help localities with cybersecurity. Why aren’t more governments using them?

Why computer security guidelines are so unclear

COMMENTARY | Cybersecurity guidelines are often riddled with excessive or confusing information, spurring a need for clearer instructions from trustworthy sources to better mitigate system vulnerabilities.

Public sector slow to respond to cyberattacks, report finds

It takes government agencies more than 225 days to identify a cyber threat and 92 days to contain it, but AI and automation could significantly reduce that time.

Agency execs strive to maintain modernization momentum

Government leaders want to keep up the pace of COVID-era innovation, but do so more securely, a new report finds.

Hackers already infiltrate EV chargers. It could get worse.

Most intrusions have been innocuous, but a nefarious plot could bring down the grid. Experts have suggestions for improving security.

6 steps to securing operational technology in critical infrastructure

COMMENTARY | Securing the hardware and software systems in power plants, water treatment facilities, transportation systems and other critical infrastructure calls for network visibility, vulnerability assessment and holistic strategic and incident response plans.

Creating a framework for secure-by-design software development

COMMENTARY | State and local IT leaders can proactively address potential threats by prioritizing throughout the development process, regularly evaluating data security policies and keeping an inventory of software components.

Public transit systems remain vulnerable to cyber threats

Despite repeated warnings, a report on Washington, D.C.’s transit authority finds it is still at risk of a cyberattack. Its issues aren’t unique, though, and experts warn that public transportation at-large is vulnerable unless leaders act.

Feds want to help prevent cyberattacks on the water sector

The National Institute of Standards and Technology is seeking input on guidelines for mitigating the risks of cyberattacks on water and wastewater systems.

Legacy tech could undermine 'zero trust' push

As agencies move toward more secure infrastructures, managing legacy systems that are unprepared for today’s cybersecurity challenges could slow their progress.

Louisiana bans TikTok on state networks and devices. Will it make any difference?

The law does little to protect state-owned devices and personal data, cybersecurity experts say.

How a data-centric approach can lift agencies above the cybersecurity poverty line

COMMENTARY | By focusing protection where it’s most needed, agencies can more easily share data and create targeted, efficient and effective cybersecurity.

We’re going to Miami. Join us to learn what’s new in state and local technology.

Our annual Tech Summit is June 26-27. Come hear how local leaders from across the country are using technology to address the biggest issues facing communities.