Skip to content
Cyber Resilience-as-a-Service
Francesca El Attrash-UkaejiofoMay 24 20232 min read

Resilience-as-a-Service: a Holistic Approach for Ensuring Continuity of Government

State and local government agencies face multiple — and often interrelated — challenges to strengthening their resilience. They must address evolving cyber threats, modernize vulnerable legacy systems and meet growing expectations around digital services. Agencies often lack the budget and staff to take on these challenges and address the risks associated with them.

But a holistic approach to assessing and addressing potential failure points can help agencies augment staff skills, accelerate digital transformation and improve organizational resilience.

Risks and Gaps

Governments need to sustain business processes and IT systems to deliver critical services despite natural and manmade disasters. However, ensuring that level of resilience remains a challenge. Nearly one-third of attendees at a July 2022 Government Technology webinar sponsored by Iron Bow said in an informal poll that they were not as confident as they should be in their organization’s ability to recover within 48 hours of a major security incident. Threats to government resilience are real and growing.

In 2021, nearly four in 10 public sector organizations globally said they had experienced a ransomware attack within the past year, according to a Sophos cybersecurity survey. And attacks on government agencies are often more likely to succeed. For example, 69% of local governments hit by an attack reported that cybercriminals had successfully encrypted their data, a success rate that’s 15 percentage points higher than the average for all organizations.

The costs of these vulnerabilities are staggering. Across all organizations, the average down time resulting from a ransomware attack is 21 days. But the challenge is broader than cybersecurity, and governments need to think beyond technology issues to address it.

It's not that governments have a security issue so much as a resilience issue. Because of traditional organizational silos, governments have many single points of failure - systems, processes, and security - that increase the risk level of each organization. 

Agencies also need to ensure that systems and processes can scale up during unprecedented surges in demand. This was a common problem faced by state unemployment insurance systems during the pandemic. But governments face budgetary and technology limitations in addressing these and other barriers.

Four Steps to Strengthening Resilience

All of these risks and gaps present a challenge for governments: Can your government encounter a wide range of scenarios, I.e. the COVID-19 pandemic or a ransomware attack, and be able to continue delivering services to constituents with little to no interruption? How scalable and adaptable are your government operations considering cyber and non-cyber challenges? Or to put it more simply, can you take a hit in the mouth and keep going? 

Here are four steps to get started in a more proactive resilience-as-a-service approach:

1. Conduct a comprehensive resilience assessment. Identify technical and non-technical gaps of failure, such as technology, people, and processes.

2. Develop a mitigation strategy. Prioritize efforts to address those gaps based on the level of risk each one presents. 

3. Use workforce development to "future proof" staff and operations. Address potential single points of failure by leveling up skillsets. 

4. Leverage partners to provide resilience-as-a-service. Service providers can offer robust security tools and practices that have been cultivated to serve multiple customers at scale. 

This blog is an excerpt from a Center for Digital Government Issue Brief, "Resilience-as-a-Service: A holistic approach for ensuring continuity of government." You can read the full issue brief here

HP 140x140 fit200



Francesca El Attrash-Ukaejiofo

Francesca El Attrash-Ukaejiofo is an accomplished professional in marketing and corporate communications, specializing in communications, content development, and strategy, while also overseeing brand and design. With a strong foundation in SEO-led content creation and a passion for storytelling, Francesca brings a wealth of experience across various domains, having written for marketing agencies, government, B2B, and B2G organizations. Francesca excels in strategic thought leadership, crafting compelling short-form and long-form copy, including executive bylines, blogs, white papers, eBooks, ad copy, web, and video content. Her expertise spans diverse topics such as tech policy, marketing, cybersecurity, government, health IT, defense, and foreign policy. Notably, Francesca's ghostwritten work has earned placement in respected publications like the Hill, FedTech, DefenseNews, and NextGov. Holding a Master’s in Public Policy and fluent in four languages, Francesca leverages these skills to excel in storytelling, connecting with audiences, and fostering professional networks for the organizations she serves. Recognized for strengths in empathy and positivity, Francesca brings infectious enthusiasm to teams, contributing to a collaborative and talent-cultivating work environment.