Cybersecurity in the Public Sector: Two CISOs’ Views on the Future of Threat Intelligence

Ever wonder how cyber attacks can have real-world denial-of-service implications? 

Last week, Michael Moore, CISO, Secretary of State of Arizona and Ryan Murray, CISO, State of Arizona joined Eli Woodward on the Future of Threat Intelligence podcast. In a candid conversation, Murray and Moore shared their unique insights of threats from the perspective of the state government. 

As the CISO, Secretary of State of Arizona, Moore oversees election security across all of Arizona’s 15 counties and functions as a “virtual CISO” for under-resourced communities and counties. Ryan Murray, as the CISO for Arizona’s state-level Department of Homeland Security, oversees cybersecurity for all state agencies, local governments, and critical infrastructure. 

Why Public Sector Cybersecurity Is a Different Problem

State-level cybersecurity sits at an interesting level, wedged between smaller units of local government like cities or municipalities and the larger, national levels of government. This positioning gives state-level officials a unique perspective along with specific challenges. 

A major source of anxiety? States need to worry about how misinformation, disinformation, and malinformation (MDM) converge to cause real-world problems and physical threats. Arizona alone experienced bomb threats impacting every county during the 2024 election. As Moore points out, these are real-world denial-of-service attacks that show the knock-on effect of online threats. 

In addition to the MDM threats, Murray notes that states deal with the same threats as large corporations and the federal government, but with vastly fewer resources. In particular, counties or municipalities may lack dedicated security people, with responsibility for threat intelligence needing to be addressed by the state. 

These challenges are compounded with how states need to worry about critical infrastructure. Water infrastructure and systems in particular are a source of concern in Arizona, especially as operators increasingly connect devices to the internet. However, devices are typically not secure by default, increasing the overall attack surface.

How CISOs Are Rethinking Threat Intelligence and Preparedness

Beyond just information sharing, Murray and Moore are aware that threat intelligence professionals need to be ready for the future of threat intelligence. One key method for securing the future is a focus on the importance of collective defense. It is imperative that states and corporations need to break down silos and focus on a unified defense strategy. 

Murray notes that as attacks become faster and adversaries become more capable, it is more important than ever to look at attacks as an attack on the entire nation versus an isolated case of an attack against a specific US-based organization or state. 

This focus on collective defense is particularly important as adversaries increasingly leverage AI. This brings down the time to exploit newly announced vulnerabilities to potentially minutes. As such, Moore developed his own “AI Cybersecurity Trinity”: defend from AI-enabled and assisted attacks; defend using in-house AI tools; and defending AI systems in place, which can open up another attack vector through risks like prompt injections. 

In addition to AI-assisted technical attacks, Moore notes defenders need to be prepared for AI-generated MDM. These attacks can focus on the human vector and cause reputational damage or chaos, especially in regard to the trust necessary for running an electoral system. 

You can listen to the entire podcast at Apple podcasts, Spotify, YouTube, or on the Team Cymru website.