
    IT infrastructure in the public sector. What solutions should you implement with limited budget and resources?

    Date: 08.09.2025



    Modern public institutions rely on complex IT infrastructure to function. Hospitals, offices, and local government units all provide public services and store vast amounts of data. Therefore, implementing new IT infrastructure in the public sector must ensure the highest level of cybersecurity and business continuity. Meanwhile, cyberattacks on the public sector in Poland are becoming increasingly frequent and sophisticated, and their consequences can be catastrophic – from the encryption of critical systems to the leaking of citizen data.

    To increase institutional resilience to threats, the European Union has implemented the NIS2 directive, and Poland is preparing an amendment to the National Cybersecurity System (KSC). What actions should organizations take to ensure their new IT infrastructure, including IT systems, is compliant with the new regulations and effectively protects institutions from security incidents?

    What does the IT infrastructure look like in public institutions?

    Although end users may not realize it, every internet connection in a public organization passes through a complex network of devices and systems. IT challenges in the public sector are therefore directly related to securing the interface with the internet. Modernizing IT infrastructure should address not only this area but also solutions that ensure the security of IT systems, the security of personal data, and the integration of IT systems.

    The implementation of IT infrastructure based on the following solutions deserves particular attention:

    • Routers, UTMs, and firewalls for public institutions – the first line of defense against cyberattacks from the internet and local area networks.
    • Core network and distribution switches – the foundation of the infrastructure, ensuring communication between devices.
    • Data management systems, Dell servers, and data storage systems (NAS, SAN, arrays) – key resources whose loss, encryption, or leakage can paralyze the organization.
    • Endpoints – employee computers, phones, and tablets, which are often the weakest link.
    • Cloud systems and applications published online – access to them must be properly secured.

    Each of these elements can become a target for attack or a point of failure.


    How to protect IT infrastructure in public administration?

    Compliance with the KSC means a holistic approach to cybersecurity, in which key elements of the IT infrastructure are protected consistently, continuously, and automatically.

    Public institutions must implement security mechanisms at every level – from the internet interface, through the internal network and servers, to endpoints and cloud services.

    Below, we present the most important pillars of IT infrastructure protection, highlighting specific technological solutions that align with the directive’s objectives. Even if not explicitly mentioned in the act, they constitute a pillar of security for every organization, including those in the public sector.

    1️⃣ Next-Generation Firewall – the first line of defense at the interface with the Internet

    Next-Generation Firewalls (NGFWs) are advanced security devices that analyze and filter network traffic, providing visibility, protection, and control over connections. Outdated IT infrastructure, including traditional firewalls, is insufficient because traditional firewalls operate only at the IP address and port level. NGFWs are intelligent systems that analyze packet content and user behavior.

    Key protection mechanisms:

    • IPS/IDS (Intrusion Prevention/Detection System) – detects and blocks known hacker attacks based on signatures.
    • DNS Protection – prevents malicious redirects and blocks access to phishing sites.
    • Application Control – allows you to block unwanted applications, such as torrents, YouTube during business hours, and traffic concealment tools.
    • Web Application Firewall (WAF) – protects web applications exposed to the internet from SQL injection, XSS, and other threat vectors.
    • Deep Packet Inspection (DPI) – analyzes packet content for anomalies, including inside encrypted traffic (TLS/SSL inspection).
    • Threat Intelligence – NGFW collects threat information in real time and immediately blocks suspicious IP addresses, domains, and attack signatures.
    • Integration with SIEM, NAC and XDR systems – enables automatic responses to detected threats.

    🔥 Implementing a New Firewall-Based Infrastructure:

    🔹 Public organizations should replace old, traditional firewalls with modern, high-performance NGFWs.

    🔹 Implementing an IPS/IDS at the interface between the Internet and local networks will provide protection against hacker attacks.

    🔹 Firewalls must be continuously configured and monitored to detect new threats.


    2️⃣ Core and distribution network – stability and security of the internal infrastructure

    Every organization’s network deployment relies on network switches, which ensure communication between devices, servers, and systems. Efficient and secure enterprise-class switches are the foundation of a stable IT infrastructure.

    Key aspects of internal network protection:

    ✔ Enterprise-class core switches – ensure performance and security, eliminating single points of failure.
    ✔ Stacking and clustering – prevent downtime through connection redundancy.
    ✔ ISSU (In-Service Software Upgrade) – software updates can be performed without interrupting network operation.
    ✔ NAC and SIEM integration – real-time monitoring of internal network traffic.
    ✔ TACACS+ and AAA – advanced access control mechanisms.

    🔥 Implementation:

    🔹 Organizations should replace old switches and routers with modern enterprise-class devices.

    🔹 Log monitoring and anomaly analysis will allow for the rapid detection of unusual network activity.

    🔹 VLAN segmentation and micro-segmentation are the foundation for separating sensitive traffic.

    3️⃣ Network Access Control (NAC) in public sector entities

    NAC (Network Access Control) systems are responsible for identifying and authorizing users and devices connected to the network. They are a key element of IT infrastructure security, preventing unauthorized access and internal attacks.

    How does NAC work?

    ✔ Identifies devices and users before granting network access.
    ✔ Assigns dynamic VLANs based on user roles.
    ✔ Blocks suspicious connections and unknown devices.
    ✔ Integrates with firewalls and SIEM, providing full visibility into network activity.
    ✔ Automatic response to threats – for example, disconnecting an infected device from the network.

    🔥 Implementing a new access control infrastructure:
    🔹 Public institutions should implement a NAC system to eliminate unauthorized devices.
    🔹 NAC should be integrated with the identity and device database (e.g., Active Directory, LDAP, etc.) and the firewall.
    🔹 Implementing 802.1X authentication for wired and wireless users is required.
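The NAC decision flow described above (identify the device and user, assign a VLAN by role, block unknown devices, isolate non-compliant ones), sketched as an added example that is not Grandmetric's or any vendor's code. The users, MAC addresses, roles and VLAN ids are constructed; the three tunnel attributes are the standard RADIUS attributes from RFC 3580 that a switch uses for dynamic VLAN assignment.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: roles, VLAN ids, users and MACs are assumptions.
ROLE_VLAN = {"clerk": 110, "it-admin": 120}
QUARANTINE_VLAN = 999
DIRECTORY = {"a.nowak": "clerk", "p.kowalski": "it-admin", "guest1": "visitor"}
KNOWN_MACS = {"00:11:22:33:44:55", "00:11:22:33:44:66", "00:11:22:33:44:77"}


@dataclass
class AccessRequest:
    mac: str               # device identity reported by the switch or AP
    user: Optional[str]    # 802.1X identity, None if no credentials were sent
    authenticated: bool    # outcome of the 802.1X exchange
    compliant: bool        # posture signal, e.g. the endpoint agent reports healthy


def vlan_attributes(vlan_id):
    """RADIUS attributes (RFC 3580) that place the port in a VLAN."""
    return {
        "Tunnel-Type": 13,            # 13 = VLAN
        "Tunnel-Medium-Type": 6,      # 6 = IEEE 802
        "Tunnel-Private-Group-ID": str(vlan_id),
    }


def authorize(req, directory=DIRECTORY, known_macs=KNOWN_MACS):
    def reject(reason):
        return {"decision": "Access-Reject", "reason": reason, "attributes": {}}

    if req.mac.lower() not in known_macs:
        return reject("unknown device")
    if not req.authenticated or req.user not in directory:
        return reject("802.1X authentication failed")
    if not req.compliant:
        # Isolate instead of granting role access: the automatic response step.
        return {"decision": "Access-Accept", "reason": "quarantined",
                "attributes": vlan_attributes(QUARANTINE_VLAN)}
    role = directory[req.user]
    vlan = ROLE_VLAN.get(role)
    if vlan is None:
        return reject("role has no VLAN mapping")  # deny by default
    return {"decision": "Access-Accept", "reason": "role " + role,
            "attributes": vlan_attributes(vlan)}
```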


    4️⃣ Endpoint protection – XDR/EDR and MDM

    The most common attack vectors are endpoint devices (laptops, computers, phones) and their users. EDR/XDR and MDM systems provide protection against ransomware, phishing, and malware.

    Key protection mechanisms:

    ✔ XDR/EDR – detection of advanced attacks and protection against zero-day threats.
    ✔ Automatic isolation of infected devices.
    ✔ MDM (Mobile Device Management) – management and security of mobile devices (company phones, tablets, and laptops).
    ✔ Data encryption on devices – protection against theft and unauthorized access.

    🔥 Implementing an EDR/XDR system:
    🔹 Organizations should implement XDR/EDR to protect computers and laptops.
    🔹 MDM systems should manage the security of mobile devices.
    🔹 All devices should have enforced MFA/2FA authentication, for example based on YubiKey hardware keys.

    5️⃣ Redundancy and backups – the last line of defense

    Hardware redundancy is a key element in ensuring IT infrastructure continuity, especially in organizations that must meet NIS2 requirements. In practice, this means eliminating single points of failure (SPOF) by duplicating critical components such as firewalls, core switches, servers, and arrays.

    Enterprise-class devices enable clustering – if one component fails, another immediately takes over, maintaining service availability without downtime. Additionally, it’s worth utilizing features such as In-Service Software Upgrade, which allows for online updates, and Hot Swap mechanisms, which allow for the replacement of disks or components without shutting down the system.

    A comprehensive redundancy strategy also includes a carefully designed network architecture with multiple communication paths between segments and backups that adhere to the 3-2-1 rule (three copies on two different media, one in a different location). This allows the organization to quickly restore critical services even in the event of a hardware failure, ransomware attack, or natural disaster. This approach not only minimizes the risk of costly downtime, but also lays the foundation for security and regulatory compliance.

    As a reminder:

    • The 3-2-1 rule – 3 copies of data, on 2 different media, 1 geographically separated.
    • Encrypted, ransomware-resistant backups.
    • Integrated data management system.
    • Automatic data recovery mechanisms (Disaster Recovery), including a data recovery service (DRaaS).
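One way to audit a backup inventory against the 3-2-1 rule and the encrypted, ransomware-resistant requirement listed above; this is an added example, not part of the original article. The inventory, its field layout and the dataset names are constructed, the production copy is counted as one of the three copies, and "ransomware-resistant" is interpreted here as at least one immutable backup copy.

```python
from collections import defaultdict

# Constructed inventory: (dataset, role, media, site, encrypted, immutable).
INVENTORY = [
    ("registry-db", "primary", "san", "hq", False, False),
    ("registry-db", "backup", "nas", "hq", True, False),
    ("registry-db", "backup", "object-storage", "dr-site", True, True),
    ("file-share", "primary", "nas", "hq", False, False),
    ("file-share", "backup", "nas", "hq", False, False),
]


def audit_321(inventory):
    """Return {dataset: [findings]}; an empty list means the dataset passes."""
    by_dataset = defaultdict(list)
    for dataset, role, media, site, encrypted, immutable in inventory:
        by_dataset[dataset].append(
            {"role": role, "media": media, "site": site,
             "encrypted": encrypted, "immutable": immutable})

    report = {}
    for dataset, copies in by_dataset.items():
        backups = [c for c in copies if c["role"] == "backup"]
        findings = []
        if len(copies) < 3:
            findings.append("only %d copies, need 3" % len(copies))
        if len({c["media"] for c in copies}) < 2:
            findings.append("all copies on one media type, need 2")
        if len({c["site"] for c in copies}) < 2:
            findings.append("no copy in a different location")
        if any(not c["encrypted"] for c in backups):
            findings.append("unencrypted backup copy")
        if not any(c["immutable"] for c in backups):
            findings.append("no immutable backup copy")
        report[dataset] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_321(INVENTORY).items():
        print(name, "OK" if not findings else findings)
```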

    How to approach the implementation of secure IT in the public sector?

    Implementing technical and organizational measures is just one element of meeting the obligations arising from the NIS2 directive. It is crucial that the selection of specific security measures – such as firewalls, EDR/XDR systems, encryption tools, or network segmentation solutions – is not random or based solely on the popularity of a given solution. It should be based on the actual needs of the institution, the characteristics of the services it supports, business continuity priorities, and previously developed risk management and incident response procedures.

    An infrastructure audit should assist in this process, reviewing the solutions currently in use, identifying security gaps, and recommending corrective actions. We conduct such audits, with particular attention to NIS2 requirements.


    Where to start protecting public institutions in accordance with NIS2?

    In my practice, I’ve often seen foundations and best practices neglected at the expense of individual solutions considered state-of-the-art. This is not the way to go. Especially with limited resources and budgets, we should prioritize solid protection in the most critical areas. Conduct a mandatory IT audit, replace devices that have lost support, and update outdated software. Maintaining the foundations will result in a more stable organization that will be significantly more difficult to access from the outside.

    Modern IT security according to NIS2 is not about individual solutions, but an integrated security ecosystem encompassing firewalls, NAC, SIEM, EDR/XDR, backups, and redundancy. Technical security measures are only effective when integrated with security policies, contingency plans, and systematically tested procedures, not implemented as spot actions “on paper.”

    If you want to check whether the implementation of IT infrastructure carried out under the “Cybersecure Local Government” program meets the obligations of public entities arising from the NIS 2 directive, our experts will conduct an NIS 2 compliance audit for your institution.

    Author

    Joanna Sajkowska

    Experienced in the areas of portfolio management, communication strategy and technical content. Backed by her background in Systems Engineering and business development, Joanna puts focus on translating features into benefits and showcasing the unique values of Grandmetric products and services.
