Open in app

Sign in

Write

Sign in

Member-only story

Securing the Public Sector

Our Critical Infrastructure Depends On It

Helen Patton
4 min readJan 8, 2024
Dall-E created image of a “government security theat map”. I don’t know what it means either.

Calling all security professionals:

Who and what is the most important part of your supply chain? What is the root system upon which your tree (family, school, work) is based?

Many governments focus on “critical infrastructure” as needing to pay particular attention to cybersecurity — those parts of our society upon which the rest of us rely. Water, power, transportation, medicine, food, education. Good. So they should. But the stark reality is that most of those critical services are run by state and local governments (in the United States, at least), who are the least-resourced organizations in the country. Federal government assistance comes largely in the form of regulations and frameworks accompanied by time-limited funding — sort of helpful, but not really. These organizations need more people doing blue team work, more access to agency decision makers, less technology debt, and more freedom to align security priorities to individual agency outcomes. Right now, they lack enough of these things, and this puts us all at risk.

When I started my security career in the late 90's/early ‘000’s, I had the good fortune to start in Business Continuity. At the time, due to our on-premise technology and the long shadow of 9/11, we focused on recovery of buildings, computers, and people — all the physical things. Later, with the advent of cloud computing, we started thinking about digital resiliency/redundancy, and we were proud of ourselves that location was less of a problem. Now, we are all about “cyber resiliency”, which focuses on making sure our companies and organizations can continue to operate even after a cyber event occurs.

Unfortunately, with the blast radius of current cybersecurity threats, we are back to needing to worry about physical security of things again. What happens when the power grid is taken out? Or the water supply is contaminated? Or the self-driving trucks are hacked? What does it do to our supply chains if our payment systems are completely jacked? Once again, we need to be thinking about the continuity of our supply pyramids. Recent nation-state and terrorist conflicts only drive home further our dependence on extended critical infrastructures that support all that we do.

The author made this story available to Medium members only.
If you’re new to Medium, create a new account to read this story on us.

Continue in app
Or, continue in mobile web

Already have an account? Sign in

Helen Patton
Helen Patton

Written by Helen Patton

2.4K Followers
131 Following

Cyber Security, Technology Ethics, and Humanity. What else? I can be found at CISOHelen.com

Responses (3)

Write a response

What are your thoughts?

Akshay Chauhan

Dec 12, 2024

Public Sector should be Secure.

--

Jeffery Moore

Jan 10, 2024

cyber is, by its nature, a public/private partnership. We can’t ignore each other if we want to have better security

Love this -- it's such an important message.

--

paul grabow

Jan 9, 2024

Very timely. Here is an action plan to consider: get in touch with your state's cybersecurity planning committee and read their submitted cybersecurity plan for FEMA SLGCP funds, FY22 funds are being distributed now. Then, talk with your local…

--

More from Helen Patton

See all from Helen Patton

Recommended from Medium

See more recommendations

Help

Status

About

Careers

Press

Blog

Privacy

Rules

Terms

Text to speech