North Carolina picks Tanium for SecureNC cyber scheme

Tanium has been selected by the North Carolina Department of Information Technology as the technology partner for the SecureNC cybersecurity programme, an initiative intended to provide statewide protection across local government, higher education and critical services.

North Carolina plans a phased rollout of SecureNC across counties, cities and higher education institutions. The programme is designed to place state agencies, local authorities and educational bodies on a common cyber platform as officials seek to improve resilience against increasingly sophisticated attacks.

The Department of Information Technology is positioning the programme as a whole-of-state effort, extending security tools and oversight beyond central government systems. In part, the approach is aimed at smaller or under-resourced jurisdictions that may lack the staff or budget to maintain the same level of cyber monitoring and response as larger agencies.

SecureNC will cover a broad set of public services and institutions, including local government networks and universities. The initiative is intended to support essential services such as emergency response and schools, while giving officials a wider view of vulnerabilities and incidents across jurisdictions.

Tanium's platform combines endpoint management, exposure management and security operations in one system. The company says this will give North Carolina real-time visibility into endpoints, automated investigations and faster response across large numbers of devices in different environments.

Statewide model

The agreement comes as US state and local governments face mounting cyber pressure. Public sector systems are seen as attractive targets because of their role in delivering everyday services and their mix of ageing and modern technology. North Carolina's economic and institutional profile also raises the stakes, with research universities, military facilities, ports and financial activity increasing the potential impact of a serious disruption.

Bernice Russell-Bond, State Chief Information Security Officer at NCDIT, outlined that assessment in comments released alongside the announcement.

"North Carolina is a high‐target state with major research institutions, military bases, busy ports, and one of the largest financial footprints outside New York. Threat actors see us as a place where they can cause real disruption, so it's critical that government and the private sector work collaboratively," said Bernice Russell-Bond, State Chief Information Security Officer at NCDIT.

She also set out how the state expects the programme to work across public bodies.

"Tanium gives us real‐time visibility into vulnerabilities across our agencies and, through SecureNC, will extend that same capability to our counties and cities. This unified approach helps us strengthen cyber resilience and reduce the risk of incidents before they happen," Russell-Bond said.

Broader reach

For North Carolina, a central element of the arrangement is extending state-level cyber support to local entities that might otherwise operate with fragmented tools or limited oversight. A unified system could also reduce overlap from separate products used across government while improving coordination during incidents.

The programme is expected to provide more consistent protection across rural and urban counties. It is also intended to improve incident response by giving officials access to real-time endpoint data and a statewide view of vulnerabilities and risk.

Jennifer Axt, Senior Vice President, North America Government, at Tanium, said the programme reflects a public-private model for cyber defence.

"A modern cyber strategy depends on structured and incentivized public‐private collaboration. North Carolina's SecureNC program aligns counties, cities, and educational institutions on Tanium's unified platform so every jurisdiction operates from a single source of truth," said Jennifer Axt, Senior Vice President, North America Government, at Tanium.

She added that the system is intended to improve the state's operating picture during cyber events.

"With autonomous capabilities and real‐time endpoint intelligence, the state can improve decision‐making, strengthen incident response, and make critical operations unstoppable for every community. We're proud to partner with North Carolina on SecureNC and support the protection of the communities and critical infrastructure they rely on every day," Axt said.

The selection of a single technology partner for SecureNC suggests North Carolina is opting for a more centralised operating model rather than leaving cyber procurement and monitoring largely to individual jurisdictions. That may offer a template for other states seeking to balance local autonomy with shared protection across public institutions and frontline services.