How A Little-known Group Has Been Protecting Your Data for 20 Years

By Karen Sorady , Vice President of MS-ISAC Member Engagement at the Center for Internet Security (CIS)

You may not realize it, but you have been sharing your personal data with various public sector offices and agencies in the places you live and work. Like an unintentional farmer, you’ve been spreading the seeds of your private information across public hospitals, schools, election offices, and state and local government offices like the?DMV. It’s what we do as citizens of our towns, cities, counties, and states. But who is working to protect these fields full of the precious digital dossiers left behind by conscientious?constituents?

What Is the MS-ISAC?

You’ll be pleased to learn that there is a nationwide network of IT and cyber experts collaborating to promote effective cyber defense across the country for these public institutions you depend on. The Multi-State Information Sharing and Analysis Center (MS-ISAC) is comprised of a group of more than 15,000 government organizations dedicated to promoting cybersecurity best practices and providing no- and low-cost resources to the cyber underserved – public sector organizations traditionally understaffed and underfunded. The MS-ISAC, which celebrates its 20th anniversary this year, is one of many such cooperative groups that have sprung up since 9/11 out of an effort to bring together public and private sector organizations to promote information and intelligence sharing as well as collaboration around solutions to common challenges. Federally funded by Congress through the Cybersecurity and Infrastructure Security Agency (CISA) and a division of the Center for Internet Security (CIS), the MS-ISAC is autonomously guided by its Executive Committee and member organizations. Membership in the MS-ISAC is available at no cost to U.S. State, Local, Tribal, and Territorial (SLTT) government organizations like K-12 schools, universities, public water and electric utilities, and any other government entity you could think of that operates below the federal level. In the work of promoting cybersecurity among state and local governments, the MS-ISAC is involved in some important work that helps keep your data safe.

Supporting a More Cyber-Intelligent Community

Cybercriminals have increasingly turned their attention toward public sector organizations in the past several years, seeing them as data-rich targets that yield quick ransom payouts. For example, a 2022 MS-ISAC report on K-12 schools found that 29% of school survey respondents were victims of a cyber attack. Between 2020 and 2022, 500 ransomware incidents were reported to the MS-ISAC by its member organizations.?The MS-ISAC provides cyber threat intelligence, or information on common and emerging tactics of cyber threat actors, in numerous ways to assist state and local government organizations with cyber defense.

Member organizations can sign up for real-time threat indicator feeds from the Center for Internet Security (CIS), the nonprofit commissioned by the federal government to operate the MS-ISAC. These easy-to-implement, no-cost feeds help member organizations identify and even predict and mitigate potential cyber threats, helping security teams make better, faster, and more proactive cyber defense decisions. Through this program, the MS-ISAC ingests threat data from more than 200 sources, including industry partners, federal agencies, and other state and local organizations, carefully distilling it down to serve as useful indicators for members. The MS-ISAC Cyber Threat Intelligence team also publishes regular reports defining the contemporary cyber threat environment, including a Top 10 Malware targeting state and local governments.

Happy New Year…Please Help!

The MS-ISAC’s support to schools and government offices does not stop at providing up-to-date cyber threat intelligence. Many government organizations need more proactive support for their cyber defense efforts. The CIS Security Operations Center (SOC) provides round-the-clock cybersecurity monitoring and assistance to SLTT government organizations. The SOC operates on a 24x7x365 basis, monitoring the IT environment of member organizations who leverage various network and endpoint security services like Albert Network Monitoring and Management and CIS Endpoint Security Services (ESS). MS-ISAC member organizations can contact the SOC anytime, even at 11:59 p.m. on New Year’s Eve, and talk to an expert security analyst who understands the unique IT and cyber challenges of state and local governments.

Millions of Filing Cabinets of Data

The SOC leverages the largest SLTT-specific threat database, processing 100 petabytes – the equivalent of 20 million tall filing cabinets or 500 billion pages – of data each month. And despite processing this massive amount of volume, the SOC maintains near real-time detection of cyber threats while averaging industry-leading response times of between five and 10 minutes to notify organizations of a detected threat.

The support of the SOC can save public sector organizations precious time and money by reducing the time it takes for security teams to analyze cyber data; the SOC eliminates 75% of the false positives alerts, on average, that can overburden busy security teams, escalating only those threats deemed credible by the SOC’s analysis. In serving this critical function, the SOC is a full-time cyber defense partner, lowering MS-ISAC member organizations’ cyber risk.

“The MS-ISAC is a critical partner to our state’s cybersecurity program, with the SOC serving as an extension of our internal team to provide the additional eyes and ears to aid in detection and response efforts of our state infrastructure.” – State Chief Information Security Officer

Preventing More Cyber Attacks Than the Global Population

As if real-time cyber threat intelligence, security monitoring, and incident response support were not enough, the MS-ISAC provides member organizations with no-cost resources to support their cyber defense. Malicious Domain Blocking and Reporting (MDBR) is a web security service that is available at no cost to MS-ISAC member organizations. It takes as little as 15 minutes to implement and begin protecting web users. Funded by Congress for SLTTs, MDBR helps prevent an organization’s web users from clicking on malicious links that could compromise networks and cost organizations downtime, data loss, and costly ransom payments. Since its inception in 2020, MDBR has blocked more than 11.9 billion attempts to connect with malicious sites online – that’s equivalent to the prevention of nearly one and a half potential cyber attacks per person on the planet.

Election offices also receive device-level protection funded by Congress in the form of the Endpoint Detection and Response (EDR) service. EDR offers organizations security software deployed directly on workstations and servers that continually monitors for suspicious patterns and threats known to be used by cyber threat actors. If a threat is identified, EDR blocks it and generates an alert to an organization’s security team. The CIS SOC has reviewed more than 29,000 alerts generated from the ESS and EDR services so far in 2023 for potentially-malicious activity.?Election offices are among the MS-ISAC’s largest contingents, with some 3,600 member organizations making up the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC), which celebrates its fifth year anniversary in 2023.?

Membership That Means Something…and Costs Members Nothing

There’s no shortage of ways the MS-ISAC is making a difference in promoting cybersecurity among the state and local government institutions Americans depend on every day. To learn more about the MS-ISAC and inquire about the benefits of no-cost membership, public sector organizations are encouraged to sign up.

If you are a citizen concerned with the protection of your private information, you can ask an organization holding your data if they are a member of the MS-ISAC. Having protected public sector data for 10 years and counting, we plan to continue the hard work of supporting the cybersecurity needs of state and local governments well into the future.