What State and Local Governments Can do to Prepare for the Next Cyber-Attack

What State and Local Governments Can do to Prepare for the Next Cyber-Attack

By John M. Gilligan, President and CEO of the Center for Internet Security

We are on alert. The risk of a major cyber-attack against U.S. schools, hospitals, government organizations, and critical infrastructure is increasing. The Biden administration’s laser focus and sense of urgency on this issue are appropriate. The President’s recent call to governors to protect their infrastructure, including working with private sector organizations, reflects an unprecedented ‘call to action’ for state, local, tribal, and territorial (SLTT) leaders.

As the administration implores the private sector to strengthen forces against cyber threats, state and local governments, who serve and protect our communities, should know about additional measures they can take to make their constituents even more secure. The Center for Internet Security (CIS) has learned that focusing on those activities that provide the greatest benefit and can be quickly implemented is the best way to protect our country. To do that, every organization should consider breaking it down by what can be done today, tomorrow, next week, and what should be ongoing.

What to do today

U.S. SLTT governments should take 5 minutes to join the Multi-State Information Sharing & Analysis Center? (MS-ISAC?), a central cybersecurity information-sharing resource designed and operated exclusively for these organizations. This will provide access to a 24x7x365 security operations center, incident response services, cyber threat intelligence, advisories, and many other resources. Joining the MS-ISAC is free to state and local governments.

What to do tomorrow

Take 15 minutes to help stop malicious internet activity. Adding a free MS-ISAC service called Malicious Domain Blocking and Reporting, will stop many attempted cyber-attacks, including malware, phishing, and ransomware, from impacting critical government systems.

What to do next week

Turn on and use multi-factor authentication (MFA) for any system that offers it. Attackers continue to steal credentials (username and password) through phishing attacks and other tactics. We also recommend conducting a vulnerability scan for any parts of an organization’s network that connect to the internet. U.S. SLTT organizations can request scans through the MS-ISAC at no cost. The results will show you where your organization is running out of date or unpatched software. Fix them before an attacker finds them.

What you should do in the next two weeks

Enable “logging” on any capable device and make sure you’ve got a system to collect them. If an organization is the victim of an attack these logs give you the “history” of the attack helping responders reconstruct the attack and recover from it.

What to do – always

There are two fundamental things all organizations should be doing regardless of the level of the threats in the outside world: make sure you have an updated incident response plan, with established contacts for CISA, the MS-ISAC, law enforcement, and your insurance providers; and always make sure you’re backing up your data on devices that are not connected to the internet and are separate from your main network. These are critical steps that cannot and should not wait until an emergency.

There is no such thing as 100% cybersecurity for any organization. Staying cyber secure is a continuous journey that requires diligence and support.

It’s not too late for SLTT governments to take these important steps, which are both highly effective and require a modest investment of time and resources. CIS and the MS-ISAC are here to support you.

John Gilligan is the President and CEO of the Center for Internet Security and previously served as the Chief Information Officer for the United States Air Force and the US Department of Energy. His photo and full bio are here.

William (Bill) Munyan

Software Architect | Leonberger Dad | CTS Athlete

2 年

What always seems to go unmentioned by anyone at CIS, or obfuscated under the "many other resources" umbrella, is that CIS SecureSuite membership is included for SLTTs joining the MS-ISAC. This allows access to all of Security Best Practices' resources, such as CIS Controls, CIS Benchmarks, and software/automation offerings such as CIS-CAT, CSAT, and Build Kits.

Ayad Mashhadani ????

Helping organizations navigate the complex landscape of IT Risks

2 年

Good read

回复
Michael J. Murphy

Associate Wealth Consultant ~Stockbroking, Financial Advice QFA LIB EFA AFP

2 年

Center for Internet Security ??

要查看或添加评论,请登录

社区洞察

其他会员也浏览了