WHITEPAPER

STATE & LOCAL

GOVERNMENTS:
PROTECT YOUR NETWORK
 STATE & LOCAL GOVERNMENTS: PROTECT YOUR NETWORK WHITEPAPER
In today’s world, breaches are becoming a common
threat for both small and large organizations in every
industry. Government agencies are often the target of
sophisticated attacks, as they can house personal and
sensitive information that are ideal for hackers to steal
and sell. According to the 2018 Thales Data Threat Report,
Federal Government Edition, 57% of federal respondents
experienced a data breach in the last year, and 70%
experienced a data breach in the past.1 While federal
government breaches have made the news, state and
local governments must also take action to protect their
networks and sensitive information from attacks.
TOP GOVERNMENT BREACHES
Let’s take a look at some of the largest breaches to hit
both federal and state government agencies. The U.S.
Office of Personnel Management (OPM) breach is one
of the most newsworthy of 2015, affecting roughly 21.5
million people. The 2015 Georgia Secretary of State Office
is one of the largest state breaches to occur, affecting
6.5 million people’s voter information, including social
security numbers.2
The largest government data breach to occur also
happened in 2015, with the U.S. Voter Database that
exposed 191 million records, including names, dates of
birth, party affiliations, and more for all 50 states and
the District of Columbia.3 While both of these attacks
targeted government agencies that housed personal
identifiable information (PII), hackers also target smaller
government agencies. In April 2017, the emergency alert
system in Dallas, Texas was hacked, resulting in 156
emergency hurricane warning sirens to go off 15 times
over two hours.4
2
One of the most recent breaches occurred in 2018, hitting
the City of Atlanta and costing the city millions of dollars.
The SamSam ransomware attack crippled the city’s
online services like warrant issuances, water requests,
Police Department records, court fees and online bill-pay
programs across 5 of the city’s 13 departments. The city
did not pay the ransom demanded, but the recovery
costs has risen exponentially from $2 million estimate
to over $10 million, with actual figures not yet known.
The city is still recovering and is finding many records
thought safe have been destroyed in the attack.
The most recent White House’s Office of Management
and Budget report revealed that of the 96 federal
agencies assessed, 74% rated “At Risk” or “High Risk” on
the scale of needing crucial or immediate improvements
to their cybersecurity awareness.5 Cybersecurity
awareness and protection is becoming more and more
important, not just for agencies at the federal level, but
also the smaller municipalities and local governments
that struggle with IT.
CHALLENGES
Government agencies of all sizes face similar
challenges when it comes to establishing network
security fundamentals. Funding and staffing for the IT
department are the two major issues. Nearly half of
states don’t have a separate cybersecurity budget and
more than a third have seen no growth or reduction
in those budgets. On a more frightening note, states
generally only spend 1-2% of their IT budgets on
cybersecurity. This is considerably lower than federal
agencies, who typically spend 5-12% of their IT budgets
on cybersecurity.6 Finding a solution that is affordable
and easy to use is half the battle when government
agencies only have one IT employee to manage their
entire, sometimes distributed, network. Luckily, it seems
the awareness of cybersecurity risks is growing, as the
e.Republic research company reports that state and local
governments plan to spend $107.6 billion on IT.7
Lack of visibility into and control over network traffic is
another major challenge small government agencies deal
 STATE & LOCAL GOVERNMENTS: PROTECT YOUR NETWORK WHITEPAPER
with on a day-to-day basis. Agencies need a solution that
can help them proactively measure their security posture.
Changing requirements like the need to offer guest Wi-Fi
leave some government agencies struggling with how to
enable secure, controlled access the network. This could
lead to guests accessing sensitive information, revealing
a vulnerability that could lead hackers to exploit the
network, among other risks.
Maintaining compliance with multiple regulations is
also a cumbersome task that agencies must grapple
with. From broad federal regulations like NIST, HIPAA,
CJIS, CIPA to smaller state regulations, keeping on
top of compliance is a daunting task for the small IT
department. Agencies need a solution that not only
provides visibility into their network traffic, but also
provides audit logs for when compliance requirements
come into question.
WHERE TO START
If you manage a government agency with few IT
resources, here are some steps you can take to start
securing your network.
Train your staff - Human error is still the leading cause
of security breaches.8 Take the time to train your staff to
keep an eye out for suspicious emails or websites.
Separate guest Wi-Fi - Keep your internal network safe
by setting up a separate guest Wi-Fi. Use a captive
portal page to force users to acknowledge an
Acceptable Use Policy so IT can track and manage users.
Encrypt sensitive information - Any PII information
should be stored encrypted and only accessible to the
appropriate personnel.
Back up data offsite - In the event a ransomware attack
hits, having a backup will allow you to get up and
running in no time, without paying the hackers any money.
Gateway solution - Invest in a gateway solution to gain
visibility into and control over the entire network. See
what devices are connecting, or trying to connect,
to your network and take appropriate action to block
attacks and stop offensive users.
3
Untangle, Inc.
100 W. San Fernando St., Ste. 565
San Jose, CA 95113
www.untangle.com
ABOUT US
Untangle is an innovator in cybersecurity for
the below-enterprise market, safeguarding
people’s digital lives at home, work and
on-the-go. Untangle’s integrated suite of
software and appliances provides enterprise-
grade capabilities and consumer- oriented
simplicity, bringing a new generation of
smart security to homes and small-to-mid-
sized businesses. Untangle’s award-winning
network security solutions are trusted by over
400,000 customers, protecting nearly 5 million
people, their computers and networks around
the world.
For sales information, please contact us by
phone in the US at +1 (866) 233-2296 or via
e-mail at sales@untangle.com.
©2019 Untangle, Inc. All rights reserved. Untangle and the Untangle logo are
registered marks or trademarks of Untangle, Inc. All other company or product
names are the property of their respective owners.
SOURCES
1 https://dtr-gov.thalesesecurity.com/
2 https://digitalguardian.com/blog/top-10-biggest-us-government-
data-breaches-all-time
3 https://digitalguardian.com/blog/top-10-biggest-us-government-
data-breaches-all-time
4 https://www.csoonline.com/article/3196989/security/how-smart-
cities-push-iot-cybersecurity-for-state-and-local-it.html
5 https://www.whitehouse.gov/wp-content/uploads/2018/05/
Cybersecurity-Risk-Determination-Report-FINAL_May-2018-Release.pdf
6 https://www.pewtrusts.org/en/research-and-analysis/blogs/
stateline/2018/10/23/state-cybersecurity-offices-need-more-money-
and-staff-report-finds
7 https://www.govtech.com/navigator/numbers/state--local-
government-it-spending-2019_178.html
8 https://www.itproportal.com/news/human-error-top-cause-of-self-
reported-data-breaches/