SPECIAL RESEARCH REPORT
      CYBERSECURITY IS A PERENNIAL challenge for government organizations at all levels. As the number of cyber incidents climb, information technology managers
must scramble to protect existing and new IT infrastructure while also anticipating emerging threats and solutions. Already a daunting task, it’s complicated by budget and staff constraints, regulations, and citizen demands for government services that mirror those of the private sector.
In May 2017, President Trump issued Executive Order 13800 prioritizing cybersecurity and giving guidelines for success. Since then, government officials have stepped up efforts to help IT staff overcome cyber challenges. For instance, the 2017 President’s Management Agenda calls for the reduction of cybersecurity risks using commercial, cutting-edge capabilities. Other efforts include
the Trusted Internet Connections (TIC), an initiative the Homeland Security Department is working to update to account for cloud technologies; Continuous Diagnostics and Mitigation, a DHS program that a House bill proposes to make law; and the Modernizing Government Technology Act, which created a central fund from which agencies can borrow money for modernization efforts. Cybersecurity is often a major component of such efforts.
This is not to say that the government always stays ahead of threats. By and large, government is hugely successful. The Pentagon, for example, prevents 36 million email breach attempts per day. Still, while breaches are rare, they can be devastating. In March, a ransomware hack completely or partially disabled more than a third of the 424 software programs the Atlanta city government uses, and the theft of 21.5 million individuals’ personal data after a breach at the Office of Personnel Management in 2015 remains top of mind for IT leaders.
IT leaders at all levels are looking for better cybersecurity options.
To better understand today’s public-sector cybersecurity landscape, GCN, on behalf of Carahsoft, surveyed federal, state and local government workers involved in IT security systems and posture. The survey shows an environment of realistic concern and well-placed optimism. Let’s take a closer look.
The big picture
Government IT decision-makers are looking to augment their security postures. That’s because although most find existing threat prevention strategies helpful, they’re concerned about their ongoing efficacy, according to the survey. Of most concern are blended threats, or
Figure 1: Level of concern for IT infrastructure attacks
In today’s environment, there are myriad types of cyberattacks, but government IT professionals say they are most concerned about multi-pronged attacks and the spread of malware.
Blended threats or multi-pronged attacks
Lateral movement (spread of malware throughout environment)
Unautorized access and intrusion
Internal attacks (accidental or deliberate)
Social engineering, or offline manipulating of employees to divulge information
General or targeted phishing emails or other content-based attacks
DoS and DDoS attacks Theft of physical devices
     84%
 84%
 82%
 74%
79%
 75%
  73%
 71%
     PRODUCED BY: SPONSORED BY: