Earlier this month, Mandiant announced that it had responded to an intrusion by a Chinese-backed hacking group, APT41, that targeted a U.S. state government\u2019s computer network. The security company ultimately discovered a persistent effort that allowed the malicious hackers to successfully compromise at least six U.S. state government networks by exploiting vulnerable internet-facing web applications using a zero-day vulnerability.Mandiant couldn\u2019t determine the hackers\u2019 motives but said the intrusions were consistent with an espionage operation. The company also predicted that further investigation would reveal even more states whose agencies were affected by the effort.These incidents underscore that state governments are just as attractive, if not even juicier, targets for malicious hackers as the federal government or any other organization. It\u2019s no surprise then that state governments are stepping up their efforts to bolster their cybersecurity protections, launching task forces, hiring advisors, creating security centers, and boosting cybersecurity spending.Recent state cybersecurity actionsThe following significant state-level cybersecurity developments over the past six weeks point to this trend:New Mexico named a senior advisor for cybersecurity and critical infrastructure: On March 18, New Mexico Governor Michelle Lujan Grisham announced the appointment of Annie Winterfield Manriquez, a senior leader at the MITRE Corporation, as her senior advisor for cybersecurity and critical infrastructure. The governor\u2019s announcement cited the geopolitical situation in Ukraine, foreign actor threats against state governments, and warnings about potential Russian cyberattacks as factors that motivated Manriquez\u2019s hiring.North Carolina Joint Cybersecurity Task Force established: On March 16, North Carolina Governor Roy Cooper signed an executive order that formally established the State of North Carolina Joint Cybersecurity Task Force (JCTF), first announced in 2018. It comprises state agencies including Information Technology, Emergency Management, National Guard Cybersecurity Task Force, and something called the Local Government Information Systems Association Cybersecurity Strike Team. The task force provides \u201cincident coordination, resource support, and technical assistance to state and local government agencies and educational entities like schools and universities that have been the target of significant cybersecurity incidents.\u201dThe Maryland legislature introduced a package of legislation to bolster cybersecurity: Following the discovery of vulnerabilities in the state\u2019s cybersecurity system, on March 1 the Maryland General Assembly introduced a package of six bills to improve the state\u2019s cybersecurity posture. The bills would require the Maryland Department of Emergency Management to help local governments prepare for an attack, create the Local Cybersecurity Support Fund to help smaller governments upgrade their security systems, and establish a funding mechanism to modernize all of its legacy IT systems. The package would also centralize all IT systems among state agencies to fall under the Department of Information Technology, require all state and certain local agencies to undergo annual security assessments, and create new offices to assist local governments in boosting their cybersecurity systems.Virginia House proposed a $150 million budget on cybersecurity: The Virginia House of Delegates submitted its version of the state\u2019s budget in early March, allocating $150 million for cybersecurity initiatives for the next two years. However, much of that figure was already in the budget proposed by then-Governor Ralph Northam in December in response to an \u201cextremely sophisticated malware\u201d attack that temporarily crippled the state\u2019s legislative agencies.New York created a Joint Security Operations Center: On February 22, New York Governor Kathy Hochul announced the creation of a Joint Security Operations Center (JSOC) in Brooklyn that will serve as the \u201cnerve center\u201d for joint local, state, and federal cyber efforts, including data collection, response efforts, and information sharing. A partnership launched with New York City Mayor Eric Adams, Albany Mayor Kathy Sheehan, Syracuse Mayor Ben Walsh, Buffalo Mayor Byron Brown, Rochester Mayor Malik Evans, Yonkers Mayor Mike Spano, and cyber leaders across the state, the JSOC was described as the first-of-its-kind cyber command center to provide a statewide view of the cyber-threat landscape and improve coordination on threat intelligence and incident response. The JSOC\u2019s cybersecurity teams will draw from resources across several organizations, including federal, state, city, and county governments, critical businesses and utilities, and state entities, including the Division of Homeland Security and Emergency Services, Office of Information Technology Services, New York State Police, MTA, Port Authority of New York and New Jersey, and the New York Power Authority.State and local governments\u2019 wide range of services a target for cyberattacksThese efforts highlight how state governments are an enticing target for threat actors. \u201cU.S. state government networks amass many different departments and critical infrastructures such as state elections, transportation, and financial information that may be of value for threat actors,\u201d Rufus Brown, senior threat analyst, advanced practices at Mandiant, tells CSO.Local jurisdictions also encompass a wide range of critical services that need protection from threat actors, Rob Main, the state of North Carolina\u2019s chief risk officer, tells CSO. \u201cCitizen services are provided at the lowest possible level in municipalities,\u201d he says. \u201cA cybersecurity incident affecting the confidentiality, integrity and availability of any systems or infrastructures that provide support to citizens have the deepest impact on North Carolina\u2019s lives.\u201dNorth Carolina\u2019s JCTF, launched primarily to coordinate and receive reports of significant cybersecurity threats from local governments, will step in if these jurisdictions need help, Main says. \u201cIf the county, city or town does not have the resources to respond to and recover from an incident, the joint cybersecurity task force mobilizes to put boots on the ground in the affected entity's jurisdiction.\u201dStates can likely expect more attacks from organized threat actors, according to Mandiant\u2019s Brown. \u201cNation-state actors such as China and Russia continue to persistently target these state networks to gain access and achieve their goals through intelligence collection,\u201d he says.\u201cThe variety of data within state government networks can serve a wide array of intelligence operations for nation-states. Financially motivated actors that deploy disruptive malware such as ransomware can also add significant disruptions and risk to U.S. state government department operations when targeted,\u201d Brown adds.Whatever the case may be, North Carolina is prepared. \u201cWe are postured to respond to cybersecurity incidents regardless of threat actor or source,\u201d Main says.