Arizona’s Groundbreaking Cyber Readiness Program
(No-cost for most qualified state & local agencies!)
By Chris McBeth, Senior Solutions Architect, cStor and MicroAge
AZ Governor Doug Ducey, Dir. of AZ Homeland Security Tim Roemer, representatives from DPS and Army National Guard
Today’s state and local entities are under enormous pressure to safely manage their critical Information Technology (IT) systems, data, and services. The job of managing and protecting all these critical assets is complex and requires expertise and experience that is hard to find, and even harder to keep, due to chronic underfunding and a lack of awareness of how hard and complex the job of cybersecurity truly is.
The impact of a breach in these critical IT systems poses a clear and present danger to the State of Arizona, its economic stability, and “national public health and safety” according to CISA, the US Department of Homeland Security agency responsible for cybersecurity and infrastructure.
The Cybersecurity Challenge
According to a 2022 Sophos report, cyberattacks on state & local government increased by 70%, from 34% to 58%, in just one year.
Due to budget limitations, IT staff are charged with a very broad scope of responsibilities and are not given the resources they need to deploy comprehensive and effective cybersecurity measures (not for lack of trying). Unfortunately, there have been numerous attacks that have already resulted in damage and financial devastation across the state, and we need to continue to improve things!
IT professionals in our state are facing nearly insurmountable challenges because there is no “easy button” for cybersecurity… they’re expected (with few resources and minimal staff) to deploy, configure, manage, and maintain tools including secure email gateways, Identity and Access Management (IAM), Multi-Factor Authentication (MFA), Single Sign-On (SSO), Privileged Access Management (PAM), endpoint protection and management, protection against DDoS attacks, data loss prevention, anti-phishing, anti-malware, anti-virus, encryption, encryption key management systems, data protection, backups, archival retention and retrieval, and Disaster Recovery… all while also supporting end-users with everyday issues like wifi access, password resets, and all kinds of smaller yet very time-consuming things… and they’re often expected to do this all with a team composed of only a few people.
As you can see, this is a nearly impossible expectation to satisfy without help!
Imagine if the water in your town was disrupted during the peak of a summer heatwave. Or if transportation systems were hacked, causing traffic lights to fail, accidents, and massive delays. Or, if your school district was a victim of ransomware, causing them to shut down for an extended period with no access to student records, critical applications for learning and testing, or worse. What if records required for college admission were erased or replaced with false information? Collectively, the consequences of these kinds of attacks can be dire and impact our lives forever, damage our economy, and in some cases could kill people. So the answer to “who cares” should be: everyone!
The Statewide Cyber Readiness Grant Program
To combat these critical threats, the Governor of Arizona, the bi-partisan state legislature, the Arizona Department of Homeland Security, and several state agencies have joined together to build an army of well-trained and experienced cybersecurity experts, all focused on fighting this battle as a team.
But what is an army without supplies? Nothing. And that’s the most ground-breaking part of this cyber readiness program: the State Legislature has set aside unprecedented levels of funding to license the cybersecurity tools needed, and they will give these licenses away at no cost to qualified entities such as county governments, municipalities, tribal governments, and K-12 public schools. Other local entities may also qualify, so be sure to ask (private enterprise and higher education are ineligible).
Arizona Leading The Nation
Arizona is leading the country in developing this comprehensive program, based on commitments by all involved. The Cyber Readiness Program is just one part of a larger initiative called “Whole-of-State Cybersecurity,” and collectively the cooperation between all agencies is on a scale not previously seen.
The ultimate goal of the Cyber Readiness Grant Program is to better protect Arizona’s critical IT systems by providing not only licenses and cloud services, but also a comprehensive support structure behind the scenes that assists recipients with deployment, ongoing monitoring, management, and what might be the hardest part for an underfunded agency… incident response!
Complete details of the Cyber Readiness Grant Program can be found on the program website. There are also several private companies like cStor that are part of this effort, and you can reach out to learn more and seek additional help in determining your eligibility.
What’s Included in the Cyber Readiness Grant Program?
The list of tools needed for a comprehensive cybersecurity program is long and by no means fully satisfied by the state’s new Cyber Readiness program. That said, the areas of focus were chosen strategically because the five major categories are generally considered the “low hanging fruit”… meaning if these disciplines are effectively deployed and managed, we’ve gone a long way to accomplishing our mission. So what are they? Read on.
Anti-Phishing / Security Awareness Training (SAT) – What most people don’t realize is, “we the people” are often the weakest link in a cybersecurity program. One of the most effective ways to dramatically reduce our vulnerability is by increasing end-user awareness; teaching people what NOT to do. Anti-phishing training provides employees with examples of how to spot phishing attempts and suspicious emails and tells them what to do when they spot one. Believe me, these phishing emails are not easy to spot, and training is a proven way to decrease risk.
Advanced Endpoint Protection (AEP) – The next most vulnerable things IT staff deal with are the “endpoints,” a fancy word for devices such as laptops, tablets, or servers. Arizona has chosen to include Advanced Endpoint Protection (AEP), a next-generation antivirus platform that leverages artificial intelligence (AI) and machine learning (ML) to identify malware before it can do damage. Long story short, it protects your critical systems from being infected in the first place and helps identify and quarantine systems before destruction.
Converged Endpoint Management (XEM) – Converged Endpoint Management (XEM) is a critical layer of the cybersecurity portfolio that gives administrators an automated way to keep all their devices updated with the latest patches and anti-malware software. In a nutshell, it’s something every IT organization needs, and it’s often one of the hardest to deal with because of the sheer number of devices.
Multi-Factor Authentication (MFA) – Perhaps the SINGLE most important and effective way to eliminate unauthorized access to systems is to deploy Multi-Factor Authentication. MFA requires more than a password to verify a user’s identity. MFA can be accomplished using tokens, One-Time Passwords, codes sent to your smartphone, biometric methods like fingerprint and retinal scanning, and so on. According to Microsoft, deployment of MFA can reduce instances of unauthorized access by as much as 97%.
Web Application Firewall (WAF) – WAF is a cloud-based firewall for HTTP (aka “Web”) applications. The WAF applies a set of policies to help protect web applications from exploits that affect an application’s availability or compromise data.
Who Can Take Advantage of This Program, And How?
According to the Arizona Department of Homeland Security, the program is available to all local governments, municipalities, tribal governments, and K-12 public schools. There are others that qualify, so make sure to ask before you assume your agency does or doesn’t. Please check here for official verbiage and follow the steps below.
Another important thing to know is, if you already have the same tools deployed to address one or all of these disciplines, you might have the opportunity to migrate your licenses to those paid by the state. It’s definitely worth looking into.
If you are a representative of an eligible agency, or if you want to find out if you’re eligible, follow these steps:
- If you have general questions, send them to: firstname.lastname@example.org
- You can also email email@example.com for a more immediate response.
- In order to participate, organizations must submit the Cyber Readiness Grant Program Participation Request Form.
- There’s no obligation to participate, so fill in the form and explore the options before you make a decision.
- Priority is given to smaller & less-resourced organizations in the order received.
- You can request one, several, or all of the tools currently on the list. (Again, if you already have these tools, it may be possible to migrate your licenses to the state budget, and reallocate your funds for other tools.)
- Once you submit the participation request form above, you’ll be contacted by a representative from the AZ Dept of Homeland Security to coordinate. You should receive a response within 7 days, and if you have any additional questions or want to check on the status of your request, feel free to send a message to firstname.lastname@example.org.
- Remember, the arrangement made by the state includes assistance with onboarding and access to experts and online training to accelerate your effort.
- Deployment is where the rubber hits the road, and the program is designed to ensure success. Don’t hesitate to reach out, ask questions, and leverage all the resources that have been provided for you.
- All of the services are deployed in a manner that requires no physical infrastructure: most are cloud-based and some require the installation of agents.
- Each vendor has included onboarding services, along with people in the Department of Homeland Security dedicated to the process, so you won’t be alone!
- Ongoing management and incident response:
  - You’ll be the tip of the spear, but know that you have a ton of really smart and well-equipped people helping you understand and respond to threats that might normally be beyond your capability.
Will the Cyber Readiness Grant Program Go Away?
Unlike most “grants,” this program is designated by the state legislature as “ongoing funding.” So technically speaking, it isn’t really a grant; the money has been allocated for the long term, and the intention is for the program to expand in perpetuity. Given the fact it’s a no-cost program, there’s really no downside to exploring your eligibility, and in the end, if you’ve improved your overall cybersecurity readiness, you’ve accomplished the mission.
Together we can make Arizona a safer place, and with groundbreaking programs like this offered by the state, there’s no reason not to take advantage of it!