Top five benefits of moving municipal cybersecurity costs from CapEx to OpEx

IT leaders in municipalities across the US agree that while cybersecurity is a major concern, they feel they lack the funding necessary to shore up their cyberdefense efforts. In fact, findings from a cybersecurity survey show that nearly two-thirds of municipal officials believe their budgets are inadequate to support their cyber programs. This is in spite of the fact that federal grant programs, such as the State and Local Cybersecurity Grant Program, are seeking to ensure that funding for states is funneled down to the lower levels of government.

State and local governments depend heavily on robust and reliable networks to deliver essential services to their employees and residents. However, effectively managing complex network infrastructures is growing more complicated as those networks require frequent updates and patches to combat new threats, new vectors of attacks and increasingly sophisticated cybercriminals. At the same time, it is also getting more challenging for agencies to find the technical expertise required to upgrade, secure and optimize their networks to meet users’ needs.

Municipalities find it difficult to compete for cybersecurity talent with the private sector, which also faces a shortage of qualified professionals. The argument can be made that overworked and understaffed IT teams could be more problematic for governments than enterprises. “The diversity of our business services and the corresponding diversity of systems is unparalleled in that no organization does what our municipal government does,” Michael Makstman, CISO for the City and County of San Francisco and co-chair of the Coalition of City CISOs, explained to CSO.

Cybersecurity is a top priority for state and local governments, even as the U.S. is facing an estimated 700,000 vacancies in cyber-related jobs. States oversee a vast array of our nation’s resources. These include law enforcement, transportation, utilities and our nation’s school systems. Even more daunting, their purview includes state universities with advanced research and development facilities, making them a prime target for foreign government-sponsored cyberterrorists, hacktivists and common cybercriminals. 

An expanded attack surface brings expanding headaches

Cybersecurity will remain a top concern for municipal IT decision-makers for the near future, due to the expanding attack surface (remote users, apps, devices, websites, network, cloud). Yet, for the most part, municipalities lack in-house resources and expertise to analyze and act upon cyberattacks. They can benefit most from managed security services that help them ensure protection and governance.

Tapping into the expertise of firms with a deep bench of network and security specialists offers a compelling solution to the growing shortage of technical knowledge at the state and local levels. Outsourcing network management to a trusted partner brings many advantages beyond reducing capital expenditures (CapEx). By entrusting network management to an experienced provider, municipalities can overcome budget constraints, lack of skilled IT resources, and the complexities of managing network security and infrastructure.

There is some money available

Even if a municipality makes the move to a managed and secure network, the question remains: how do they pay for these services? Federal funding could be used to help these governments improve their cybersecurity through 27 grant programs managed by eight federal agencies. The good news is that money for state and local government cybersecurity efforts will be available for a few years, despite recent federal discussions over budgets and funding. 

Congress has also authorized an appropriation of cybersecurity funding for state and local governments of $400 million for FY 2023, $300 million for FY 2024, and $100 million for FY 2025. This money is meant to be spread out to local usage, and not just to fund cybersecurity measures at the individual state level. States must allocate at least 80% of their funding to local and rural communities, with a minimum of 25% going to rural areas. There is also a Tribal Cybersecurity Grant Program for federally recognized tribes.

CapEx vs. OpEX

When a municipality purchases something, it can either pay for it out of operating expense (OpEx) or CapEx. Here’s how managed networks and cybersecurity services can reduce monetary pressures by using OpEX funds to help overworked and understaffed IT staffers defend critical assets.

Broadly defined, OpEx is used for small, one-time or regularly occurring expenses; Capex is used for large, one-time expenses. The advent of cloud computing and as-a-service offerings have changed the cost model for IT products and services that municipalities need, making them more easily classified as OpEx rather than CapEx. 

The benefits of moving IT costs from CapEx to OpEx include:

• Greater predictability in budgeting. Managed networks are a set price per month, for the length of the contract, with no additional fees for support or upgrades. Monthly expenses are tracked and deducted from the bottom line as the municipality incurs them. 
• OpEX spending on managed services removes the need for hefty upfront IT investments and enables municipalities to rely on strong service level agreements from their partners to ensure they are getting exactly what they are paying for. This also allows governments to strengthen their security posture with automated updates while keeping pace with changing networking requirements and emerging security risks, all for one monthly fee.
• No depreciation cost on equipment, as the municipalities are leasing equipment from their IT partner, and depreciation costs accrue on the provider.
• When a municipality acquires technology through CapEx, there’s a much greater possibility of underestimating future network capacity and security needs and scaling upwards in response to changing conditions can be prohibitively expensive when the only option is to rip and replace.
• Compliance issues can be greatly reduced. In the rapidly changing cybersecurity regulatory environment, there’s immense pressure for municipalities to maintain consistent compliance. A robust infrastructure alone won’t enable governments to meet compliance standards. OpEx enables them to partner with a managed service partner with top-tier certifications such as FedRAMP and FISMA. 

Paying for IT modernization with OpEx funds can control costs, enhance security, improve visibility into system performance and reduce demands on IT teams — all of which affect an organization’s ability to deliver citizen-centric government. By working with an experienced Spectrum Enterprise team to handle network and security needs, municipalities can shift their focus to other priorities.

Spectrum Enterprise offers a fully managed comprehensive cloud-based solution that simplifies network management and security. It addresses persistent IT challenges, including network security, complexity, and future scalability. It enhances end-to-end protection with features such as automated updates, an advanced firewall, and unified threat management. 

Learn more about Managed Network Edge for governments, powered by Cisco Meraki.