With Cybersecurity Month well underway, it’s time to fight off the fatigue associated with awareness messaging around the subject and connect its well-known practices to accountability. Leaders in state, local, tribal, and territorial (SLTT) governments across the US should start focusing on mission assurance, and take this opportunity to review mission statements, secure the systems critical to those missions, and ensure cyber-physical systems (CPS) in critical infrastructure are sufficiently resilient and reliable.
Missions and Cybersecurity Awareness
Across government, utilities, and education sectors, awareness is an operational necessity, not a communications exercise. It should ground us in service impacts, not just the dangers of clicking, phishing, attacker domains, or weak passwords. Awareness must connect us to mission assurance; each mission has its own domain, and that connection begins inside the organization, not inside a platform alone.
But what is a mission? A mission describes what an organization does, whom it serves, and why it exists. For SLTTs, mission statements communicate their purpose to the public while defining its role and the social benefits provided to citizens, among many other things.
With respect to cybersecurity, many missions have experienced escalating attacks lately. In addition to the rise of cyberattacks, agencies must sustain continuity through constant pressure—policy changes, funding fluctuations, evolving regulations, and emerging threats that transcend jurisdictional boundaries.
Recent data reflects the scale of the challenge. There are more than 90,000 units of local government in the United States, 130,000 K–12 institutions, and over 148,000 regulated public water systems. Each represents a separate mission dependent on similar connective infrastructure. Continuity depends on coordination—and coordination depends on connection. That’s over 300,000 civic entities—and their missions—relying on critical cyber-physical systems every day.
Every citizen is a stakeholder of critical infrastructure and service delivery. For the public sector, awareness is also about remit or clarifying who owns which part of the mission.
Each civil worker, department lead, district manager, city manager, and governor should see how their individual roles connect to a collective mission: contextual awareness between people of the same mission and others of adjacent missions should lead to informed action. This elevation of awareness leads to better preparedness which strengthens resilience, and resilience is the glue that keeps missions uninterrupted.
Connecting Awareness to Resilience in SLTT Cybersecurity
For the public sector, cybersecurity awareness programs must move beyond fear, uncertainty, or doubt. The threat landscape shifts daily, and not only because of adversaries.
Changes in policy, funding, and governance frameworks can threaten resilience as surely as adversaries. Awareness must therefore encompass more than tactics, techniques, and procedures (TTPs)—it’s also about balancing policy levers, anticipating funding headwinds, and sustaining operational momentum when conditions shift.
But awareness alone won’t carry a mission forward. The unseen discussions happening daily across agencies must translate into concrete gains in preparedness, incident response, and resilience management.
Awareness is vital if we’re to keep connecting the dots toward greater cyber-operational resilience. True connection reveals the unseen—the hidden risks that quietly threaten continuity.
Collective Defense and Connective Resilience
No city, state, school, or district secures itself alone.
Recently, federal funding for the MS-ISAC was cut, forcing a rethink of its business model. The Multi-State Information Sharing and Analysis Center (MS-ISAC) is a CISA-supported collaboration with the Center for Internet Security designed to serve as the central cybersecurity resource for the nation’s SLTT governments. While CISA will likely help bridge the gap, the MS-ISAC remains a cornerstone of collective defense—an awareness engine that fuels information-sharing across jurisdictions.
Funding fragility underscores a deeper truth: even the institutions tasked with protecting us must now fight for their own continuity. When connective tissue weakens, every dependent mission becomes more vulnerable.
This challenge isn’t unique. As national grant windows tighten, the connective infrastructure of threat sharing faces its own continuity challenge. The stability of these connective organs determines the stability of the whole system.
While no single approach can be a cure-all, public-private partnerships are possibly the most effective catalysts for cyber-operational resilience. Collaborative contract vehicles, shared service models, leased infrastructure, and personnel exchanges can help critical service operators not only build resilient systems but infuse fresh perspectives essential to protecting the mission.
Shared missions demand shared vigilance. Every organization, from vendors and integrators to local agencies, has a role in strengthening the connective tissue underpinning resilience, and this is why implementation of zero trust architecture is critically important, as it minimizes risk by reducing the potential blast radius for incidents while offering accurate telemetry regarding the risk posture of environments.
Effective defense is not just collective; it’s also connective. It integrates not just information and infrastructure, but people. Mission assurance can be realized when awareness programs are tracking beyond IT metrics to include cyber-physical systems protection (CPSP) risk and resilience.
How the Claroty Platform Helps SLTT Cybersecurity Initiatives
Claroty’s strength lies in sustaining the unseen systems that sustain society.
The Claroty Platform acts as a continuity engine, aligning operational technology (OT), illuminating IT/OT convergence points, and injecting CPS risk information into the existing infrastructure of state and local government service operators.
At its core, the Claroty Platform exposes cyber-physical systems telemetry to security operations workflows and higher-level governance controls. Every detected change, anomaly, or emerging exposure point becomes actionable intelligence for swift threat detection, mitigation, and response. This allows agencies to not only respond faster but govern smarter, reducing mean time to repair (MTTR).
The Claroty Platform doesn’t just detect threats to OT environments, it provides value by:
Establishing asset visibility: Automatically uncover assets across OT, industrial internet of things (IIoT), and CPS environments—creating a verified inventory that allows security leaders to protect critical assets across the network.
Prioritizing risk reduction: With all critical assets discovered, organizations can more easily prioritize which devices to protect based on potential business impact of a security incident.
Securing remote and third-party connections: Minimize third-party risk by delegating remote access privileges without compromising security.
Optimizing network segmentation: Segmenting networks into isolated zones can protect critical assets while limiting the potential damage an attacker can do in the event of a breach.
Streamlining threat detection: The Claroty Platform is purpose-built to detect and monitor OT-specific threats and minimize false positives, reducing alert fatigue and enabling more productivity.
Continuity is the ultimate measure of resilience. Awareness opens the conversation, but continuity keeps it alive. Whether in a control room, a city hall, or a school district, leadership means understanding that cyber-physical systems aren’t isolated: they are civic lifelines that demand protection from an increasingly complex threat landscape.
