What State and Local Governments Can do to Prepare for the Next Cyber-Attack
Center for Internet Security
Leading the global community to secure our ever-changing connected world.
By John M. Gilligan, President and CEO of the Center for Internet Security
We are on alert. The risk of a major cyber-attack against U.S. schools, hospitals, government organizations, and critical infrastructure is increasing. The Biden administration’s laser focus and sense of urgency on this issue are appropriate. The President’s recent call to governors to protect their infrastructure, including working with private sector organizations, reflects an unprecedented ‘call to action’ for state, local, tribal, and territorial (SLTT) leaders.
As the administration implores the private sector to strengthen forces against cyber threats, state and local governments, who serve and protect our communities, should know about additional measures they can take to make their constituents even more secure. The Center for Internet Security (CIS) has learned that focusing on those activities that provide the greatest benefit and can be quickly implemented is the best way to protect our country. To do that, every organization should consider breaking it down by what can be done today, tomorrow, next week, and what should be ongoing.
What to do today
U.S. SLTT governments should take 5 minutes to join the Multi-State Information Sharing & Analysis Center? (MS-ISAC?), a central cybersecurity information-sharing resource designed and operated exclusively for these organizations. This will provide access to a 24x7x365 security operations center, incident response services, cyber threat intelligence, advisories, and many other resources. Joining the MS-ISAC is free to state and local governments.
What to do tomorrow
Take 15 minutes to help stop malicious internet activity. Adding a free MS-ISAC service called Malicious Domain Blocking and Reporting, will stop many attempted cyber-attacks, including malware, phishing, and ransomware, from impacting critical government systems.
What to do next week
Turn on and use multi-factor authentication (MFA) for any system that offers it. Attackers continue to steal credentials (username and password) through phishing attacks and other tactics. We also recommend conducting a vulnerability scan for any parts of an organization’s network that connect to the internet. U.S. SLTT organizations can request scans through the MS-ISAC at no cost. The results will show you where your organization is running out of date or unpatched software. Fix them before an attacker finds them.
What you should do in the next two weeks
Enable “logging” on any capable device and make sure you’ve got a system to collect them. If an organization is the victim of an attack these logs give you the “history” of the attack helping responders reconstruct the attack and recover from it.
What to do – always
There are two fundamental things all organizations should be doing regardless of the level of the threats in the outside world: make sure you have an updated incident response plan, with established contacts for CISA, the MS-ISAC, law enforcement, and your insurance providers; and always make sure you’re backing up your data on devices that are not connected to the internet and are separate from your main network. These are critical steps that cannot and should not wait until an emergency.
There is no such thing as 100% cybersecurity for any organization. Staying cyber secure is a continuous journey that requires diligence and support.
It’s not too late for SLTT governments to take these important steps, which are both highly effective and require a modest investment of time and resources. CIS and the MS-ISAC are here to support you.
John Gilligan is the President and CEO of the Center for Internet Security and previously served as the Chief Information Officer for the United States Air Force and the US Department of Energy. His photo and full bio are here.
Software Architect | Leonberger Dad | CTS Athlete
2 年What always seems to go unmentioned by anyone at CIS, or obfuscated under the "many other resources" umbrella, is that CIS SecureSuite membership is included for SLTTs joining the MS-ISAC. This allows access to all of Security Best Practices' resources, such as CIS Controls, CIS Benchmarks, and software/automation offerings such as CIS-CAT, CSAT, and Build Kits.
Helping organizations navigate the complex landscape of IT Risks
2 年Good read
Associate Wealth Consultant ~Stockbroking, Financial Advice QFA LIB EFA AFP
2 年Center for Internet Security ??