At all levels of government, public-sector organizations deliver essential services to constituents every day while operating under challenging conditions. “Do more with less” has been the mantra for decades. But a shrinking workforce combined with economic pressures are amplifying this challenge. Employment at state and local government agencies are still below pre-pandemic levels in most states. And just as state tax revenue was gaining ground lost over the past two years, leaders now face growing economic uncertainty due to inflation and the possibility of recession.
Digital transformation presents an opportunity for state and local government agencies to serve the public better and more efficiently. For years, public sector organizations have been leveraging connectivity to improve service delivery, engagement with constituents, and reduce costs. Even so, the pandemic significantly accelerated digital transformation initiatives that were already ongoing. Nearly overnight, the way in which services such as healthcare and education were managed and delivered changed dramatically to continue to meet public demand as best as possible, and now there is no turning back.
The unfortunate reality is that the benefits of digital transformation and the Extended Internet of Things (XIoT) come with greater cyber risk, as we increasingly rely on online access to physical systems for greater automation, control, efficiency, and convenience. Cyber-physical systems (CPS) and underlying connected assets were not necessarily designed to co-exist seamlessly in a connected environment, so we are now seeing many new attack vectors emerge.
The Cybersecurity & Infrastructure Security Agency (CISA) offers extensive resources to help state, local, tribal, and territorial (SLTT) governments protect critical infrastructure and ensure the resilience of the communities they serve. Materials include case studies that highlight best practices, discussion points for government leaders, steps to start evaluating a cybersecurity program, and a list of hands-on cybersecurity advisors available to SLTT governments.
Protecting cyber-physical systems from attacks and other disruptions also requires purpose-built cybersecurity technology. Claroty works with various state and local government entities to address their cyber-physical systems security concerns. Here are a few examples:
While there are several large water and wastewater corporations, the majority are smaller entities that operate at the country, municipality, or township level. Asset owners and operators are necessarily focused on basic operational priorities, infrastructure upkeep, regulatory compliance, and revenue generation, with cybersecurity often a “below the line” item.
Claroty worked with a U.S.-based water utility with hundreds of miles of pipeline and more than 20 physically dispersed water facilities, including pumping stations, water treatment plants, and storage and distribution systems through the region. As the water supplier upgraded its IT infrastructure, modernized its IT security architecture, and pivoted to support remote workers during the pandemic, comprehensive cyber-physical security across the XIoT was essential. To keep water flowing safely to the more than two million people served, the water utility is using the Claroty Platform to identify connected assets, vulnerabilities putting those assets at risk, and remediation strategies to assure continued operations of critical processes. Claroty’s secure remote access technology, purpose-built for operational technology (OT) environments, provides user provisioning, role- and policy-based access controls, alerting and the ability to audit, investigate, and terminate potentially malicious remote sessions.
Government agencies tasked with managing public transit systems, airports, railways, and freight facilities are increasingly leveraging the XIoT to streamline operations. Claroty is helping a rail rapid transit system mitigate the expanded attack surface resulting from digital transformation. With passive integration to switches, firewalls, and data diodes and the ability to provide immediate asset visibility and continuous threat monitoring while maintaining compliance with SIL standards, the rail provider can digitize without breaking security. Additionally, equipment manufacturers and other partners can seamlessly access systems remotely to service equipment, while security teams have granular control remote sessions.
Another example, Claroty is working with an airport operator to secure both its critical, automated, cargo movement operations and internal infrastructure using components of the Claroty Platform. Real-time visibility into automated conveyor systems to monitor uptime and performance, as well as visibility into connectivity between security cameras, fire detection systems and sensors, HVAC, and power systems enables them to quickly see where issues are coming from, if they have spread, and how to mitigate them. Asset profiling accelerates and simplifies vulnerability management and preventative maintenance.
Electric utilities distribution systems, which carry power from transmission systems to consumers, are state-regulated and many of these systems are no longer air-gapped. Connectivity to IT networks or direct connections to the Internet introduce vulnerabilities that can be exploited. The U.S. Government Accountability Office (GAO) has warned that while the scale of potential impacts from a cyber attack against distribution systems are likely localized, depending on the distribution system targeted, outages could have national consequences. These agencies must take care to mitigate the risks posed by digital transformation.
Claroty has success stories with large power distribution systems worldwide, in different regulatory environments, where the Claroty Platform is used to identify assets for vulnerability remediation and also help monitor and meet regulatory requirements. Additionally, Claroty’s purpose-build remote access solutions replace traditional VPNs that don’t satisfy the need of every OT environment and lack the auditing and real-time ability to monitor and shut down remote connections in the event of malicious activity.
Public hospitals play an integral role in the communities they serve, and the rise of the Internet of Medical Things (IoMT) presents ample opportunity to enhance efficiency and patient experience. In fact, medical device spending is increasing at a compound annual growth rate (CAGR) of 15%-30%, depending on the study. However, a substantial number of IoMT and other IoT devices in hospitals have a known vulnerability. The high stakes of medical device cybersecurity make it crucial for healthcare organizations to comprehensively mitigate cyber-physical risk across the XIoT.
Amid mounting cyber threats to healthcare, the Joint Commission has been directed by the Center for Medicare and Medicaid Services (CMS) to initiate audits on cybersecurity for medical devices. Many healthcare delivery organizations (HDOs) have selected Medigate by Claroty for a truly unified approach for securing the expanding universe of XIoT devices, powered by deep domain expertise and purpose-built technology. For example, a large public hospital, recognized for its leadership in digital transformation, turned to Medigate by Claroty for an integrated and data-driven approach to assets and cybersecurity risk management. The hospital was able to instantly enable vulnerability correlations to medical devices, trigger remediation workflows, and improve Clinical Engineering (CE) workflows to strengthen cyber-physical security while demonstrating return on investment and reducing expenditures through better utilization of existing devices.
Since the beginning of the pandemic, pivoting to remote learning has been the focus for public school systems. However, as in-person school is largely back in session, maintaining a safe, healthy, and comfortable environment for students, teachers, and staff is paramount.
As with on-line learning platforms, building management systems (BMS)—fire alarm systems, HVAC, security cameras, and physical access controls, to name a few—have undergone rapid digital transformation in recent years, shifting toward smart, connected systems to take advantage of performance improvements, reduced energy consumption, and cost efficiencies. But like all forms of digital transformation, connecting formerly isolated BMS assets to the Internet and a school’s internal network introduces additional cyber risk. BMS are often overlooked as a potential weak point in a defense perimeter because security teams are preoccupied with protecting more traditionally targeted assets. However, threat attackers now understand that BMS are not only critical to operations but a pathway to other secured infrastructure and therefore extremely valuable. The Claroty portfolio of solutions helps public school systems mitigate risk to BMS with best practices and capabilities including high-caliber visibility in connected assets, effective and efficient vulnerability management, and segmentation from other devices and systems in the environment.