Why State and Local Agencies Should Consider Cybersecurity in Power Management

Digital transformation is accelerating in government

State and local governments across the country are actively embrace digital technologies to improve citizen services, which has led many to move from a traditional centralized approach to a distributed model that leverages multiple locations to meet IT needs. Meanwhile, in many agencies, IT teams are leaner than ever, while changing demands increasingly require staff to respond remotely in emergency situations. Gone are the days when all IT sites had the luxury of having on-site support teams.

A parallel trend to many of these developments is the growth of the Internet of Things. According to Business Insider, the number of devices connected to the IoT will increase to 41 billion by 2027, up from an estimated 8 billion in 2019. As this transformation continues, government institutions must consider the cybersecurity challenge these new devices will pose and ensure they are protected on their networks by expansion.

These related trends, both of which have accelerated amid the COVID-19 pandemic, require new approaches to power management and, in the case of IoT growth, actually impact the electrical equipment itself.

More and more IT teams are deploying connected power management infrastructure, such as uninterruptible power supplies (UPS), to enable remote monitoring and management that minimizes the need for onsite support personnel. Although devices like UPS don’t usually come to mind when institutions consider potential cyber threats, the same could have been said for devices like HVAC units Where internet connected thermometers before becoming the target of major attacks.

RELATED: How can Security Operations Centers help state governments?

Tips for protecting your agency’s power management systems

The growing importance of cybersecurity has made it imperative for power management vendors to consider cybersecurity when adding connected functionality to power management devices. Here are some ways state and local IT managers can incorporate cybersecurity safeguards into their power management strategies.

  • Use equipment that is secure by design. Many organizations tasked with setting global security standards are expanding and redefining their product cybersecurity certification processes for backup power devices. There are various UPS network management cards on the market today that comply with the latest UL 2900-1 and ISA/IEC 62443-4-2 certifications that require robust cybersecurity capabilities and features. By purchasing power management products that meet these certifications, IT teams can benefit from the certainty that their equipment uses the latest innovations in encryption, certificate authority and public key infrastructure, in more configurable security policies.
  • Improve your security solutions. Beyond protecting against ransomware attacks, state and local agencies may wish to deploy other security measures, such as a network air gap, which is designed to keep a computer network physically isolated from unsecured outside networks. For these agencies, this could include the Internet and/or local networks, with the goal of keeping sensitive information out of hackers’ reach so that IT teams can focus their efforts on serving citizens.
  • Make sure the firmware is up to date. To best protect yourself against emerging threats, timely firmware updates are essential. Just watch the news of the recent discovery of Ripple20 vulnerabilities, which put billions of internet-connected devices at risk. In order to properly secure power management equipment against these ever-evolving threats, IT departments can deploy power management software and work with technology vendors to ensure systems have the latest patches. . Power management software can provide graceful shutdown, which in the event of an extended outage will help IT teams save work in progress and prevent data loss.
  • Seek to combine digital and physical security. Recent threats, such as those from Amazon Web Services Data Center Infrastructure demonstrate that state and local agencies must also consider physical security when it comes to their cybersecurity strategy and planning. Placing safeguards such as smart security locks on IT racks helps secure power management devices and other equipment while allowing only authorized personnel access to these components.

Ultimately, state and local agencies and their respective IT teams should aim to develop a comprehensive electrical equipment protection plan, similar to plans for other Internet-connected systems. The best strategies strike a balance between investing in inherently secure products and taking ongoing steps to ensure equipment is up to date with the latest policies, procedures, and ratings.

TO EXPLORE: What are the top five questions a cybersecurity assessment should answer?

The way forward to secure IT infrastructure

As internet-connected devices continue to proliferate, the public sector will continue to embrace new technologies that optimize efficiency and streamline day-to-day operations.

Amid this technological transformation, cybersecurity and IT teams will need to keep an eye on industry developments to ensure that power management equipment and other network-connected devices have the latest certifications.

As their journey to protection evolves with the IT landscape, agencies can strive to stay ahead of the curve by implementing a comprehensive cybersecurity strategy that incorporates power management.

Alan A. Seibert