This is no longer just an IT problem. When systems go down, the public feels it immediately: delayed unemployment payments, interrupted health services, public safety risks and eroding trust in government.
To meet this moment, state and local governments are looking to autonomous technologies — intelligent, automated cybersecurity platforms that operate at machine speed. But adopting them isn’t just a technology upgrade. It’s a policy decision with major implications for service delivery, equity and public trust.
AUTOMATION IS A STRATEGIC IMPERATIVE
Autonomous systems do more than spot threats. They close the gaps adversaries exploit, keep services running and buy precious time for security teams.
“Unmanaged or outdated devices and tools are unlocked doors in a secure building,” said Deborah Snyder, senior fellow at the Center for Digital Government (CDG)*. “They become easy entry points for attackers.”
Automation changes that equation. These platforms deliver real-time threat detection, continuous visibility and rapid response — all of which are essential to maintain service continuity. The longer agencies delay modernization, the more vulnerable they become to escalating risks that threaten everything from public safety to health care and education.
“AI is being used against us,” said Dan Lohrmann, CDG senior fellow. “That has increased the volume of threats dramatically. We need to fight fire with fire.”
That means adopting tools that can detect, contain and remediate AI-driven attacks at the speed they occur — and integrating them into a comprehensive resilience strategy that prioritizes uptime and continuity of operations.
BUILDING GUARDRAILS FOR HUMAN-CENTERED AUTOMATION
Autonomous technology doesn’t mean “hands off.” Leaders must be explicit about when automation acts on its own and when human intervention is required.
That means requiring approval before sensitive actions — like device lockdowns — and mandating transparency, audit trails and human override capabilities. “Without clear rules, agencies risk eroding accountability and undermining public confidence,” Snyder warned.
Governance frameworks must also account for equity. Automation can either mitigate or exacerbate disparities in service delivery. During the pandemic, some benefit fraud detection systems were tuned so tightly they locked out eligible claimants. Regular risk reviews and bias testing are essential to prevent unintended harm.
POLICY, PROCUREMENT AND THE LONG VIEW
Modern governance of autonomous technologies requires rethinking procurement. Agencies can no longer afford to buy point solutions based solely on cost or feature lists.
Instead, procurement must align with mission outcomes:
- Reducing risk exposure
- Improving service uptime
- Accelerating threat detection and remediation
- Ensuring compliance with federal and state cybersecurity standards
- Scaling across departments and jurisdictions
Procurement language should require vendors to meet standards like the NIST Cybersecurity Framework, CIS Controls, FedRAMP or GovRAMP and provide tools that support secure configuration, centralized visibility and continuous monitoring.
Just as importantly, governments must treat every endpoint — from laptops to Internet of Things devices — as critical infrastructure. Policies should require real-time asset tracking, cross-agency visibility and continuous compliance to keep devices secure and mission-ready.
COLLABORATION IS A FORCE MULTIPLIER
Public service delivery is a shared responsibility. States should give local governments access to shared security operations centers, endpoint detection tools and threat intelligence. They should also set baseline security requirements across jurisdictions and establish mutual aid agreements so that when a breach occurs, response is fast, coordinated and consistent.
A whole-of-state approach to funding and procurement eliminates redundancies, strengthens security posture and opens opportunities for federal cybersecurity grants. Advisory councils or task forces that include state and local voices can help shape policies that work in the field.
Automation is not a “set it and forget it” solution. Routine audits and periodic reviews ensure that autonomous systems remain compliant, unbiased and effective.
“Automated actions need to be included in processes that require periodic review because of the potential for algorithms to skew biases,” Snyder said. Ongoing oversight ensures that automation continues to serve agency missions and public values as technology evolves.
A ROAD MAP FOR THE NEXT ERA
The public sector’s cyber risk environment is not going to slow down. The attack surface will keep growing, and AI-driven threats will keep coming faster.
Autonomous technologies are no longer optional — they’re a prerequisite for continuity of operations. But successful adoption depends on strong policy frameworks that reinforce accountability, protect equity and preserve human oversight.
By aligning governance to best practices, rethinking procurement and committing to continuous evaluation, state and local governments can future-proof their systems — and their services.
With the right guardrails in place, automation becomes more than a defensive measure. It becomes a strategic enabler of secure, resilient and trusted public service delivery.
*Note: The Center for Digital Government is part of e.Republic, Government Technology's parent company.
