5 best practices to boosting municipal cybersecurity
Sachin Bansal, Chief Business Officer, SecurityScorecard
The city government of Oakland has declared a state of emergency after it was hit by a ransomware attack. The attack, which began in the evening of February 8th, has forced the city to take all its IT systems offline, and has affected many non-emergency services, including the ability to collect payments, issue permits, and process reports.
I recently sat down to speak with NBC Bay Area News on the implications of this attack. While the ransomware group behind the Oakland cyberattack is still unknown, SecurityScorecard’s STRIKE Threat Intelligence team believes these attacks are not isolated incidents. On the contrary, cyberattacks on state and local governments are on the rise. This is because many of them run on antiquated legacy systems, which make them more vulnerable to threat actors. Additionally, these organizations, in particular, are seen as “soft targets” because they hold large amounts of sensitive data, and often lack the budget and resources to defend themselves against both routine and sophisticated attacks.
Many organized criminals are also getting into the world of cyberattacks because there is a thriving underground industry that will do the technical legwork for a fee, enabling non-technical criminals to engage and profit from ransomware activity. As long as there is money to be made, there is no indication of this activity slowing down. A recent study found that local governments were among the organizations least capable of disrupting ransomware attacks, but are also among those who pay ransoms most frequently (43% paid a ransom after an incident).
SecurityScorecard’s own recent report examined the state of critical infrastructure and found that cyber resilience has gotten worse, despite years of increased focus on cybersecurity. Our most essential institutions are sometimes the most vulnerable, and these continued breaches can contribute to a lack of public trust and confidence. Cyber resilience is necessary for building and sustaining trust in our institutions, but according to the World Economic Forum (WEF), only 19% of cyber leaders feel confident that their organizations are cyber resilient.
“As long as there is money to be made, there is no indication of this activity slowing down.”
The current state of municipal cybersecurity
While the public eye has focused mainly on high-profile incidents such as the Colonial Pipeline attack in May 2021, attacks on all levels of governments have been extremely damaging and difficult to recover from. Dozens of threat actors and ransomware groups are constantly targeting and exploiting tens of thousands of government systems across the world. The White House sounded the alarm last year, by issuing a warning about nation-state threat actors, and urging organizations to “harden your cyber defenses immediately.”
In the wake of these attacks and the growing threat landscape, in September 2022, the Department of Homeland Security (DHS), through the Cybersecurity and Infrastructure Security Agency (CISA) announced the implementation of the State and Local Cybersecurity Grant Program (SLCGP) and the Tribal Cybersecurity Grant Program (TCGP). This first-of-its-kind program was established by the Bipartisan Infrastructure Law, and will distribute $1 billion over four years to help smaller governments address cybersecurity risks, strengthen critical infrastructure, and protect their systems against persistent threats. Congress has specified that 80% of the funds should support local governments, and at least 25% of that should be directed to rural areas.
As government applications and services continue to digitize, the threat landscape will only grow. All levels of government need to take this Oakland case as a warning of broader attack threats and harden security at every level. Vendor and third-party technology assets continue to be a weak link in operational security, and organizations must enhance their visibility and diligence in managing their entire risk posture, including both themselves and their suppliers.
5 best practices for boosting municipal cybersecurity
With over 90 thousand different state and local governments across the U.S., each one is a potential target. Municipal leaders must be well-prepared and proactive in detecting vulnerabilities, monitoring risks, and educating employees on cybersecurity. A robust municipal cybersecurity plan can help streamline these efforts to improve cyber resilience and restore public trust.
Here are some key tools local governments can use to improve their cybersecurity postures:
1. Attack surface monitoring
As municipalities grow and adopt new capabilities, their attack surface expands. By incorporating attack surface monitoring into the cybersecurity plan, security teams can have greater visibility into their cities’ digital footprint – allowing them to identify each asset, its location, and the potential risks associated with it. This can help leaders allocate appropriate IT resources where needed and prioritize remediation efforts most critical to the municipality.
2. Continuous monitoring
The faster local governments can detect and respond to threats, the lower the risk for serious damage that may take years to remediate. Leveraging a continuing monitoring tool like security ratings can help municipalities stay one step ahead of hackers and respond to threats more efficiently while also measuring the effectiveness of their cybersecurity efforts.
3. Cybersecurity performance benchmarks
Another element municipalities can include in their cybersecurity plan is to benchmark their performance against other cities. In doing so, municipalities better understand how other cities are performing, and exactly where the gaps in their cybersecurity program are. From there, municipalities can build improvement plans, accurately track operations, and even advocate for more security resources.
4. Third-party risk assessment and management
Municipalities work with many third parties that need access to their systems and data. Incorporating a robust third-party risk assessment and management process offers better visibility, minimizes the impact in case of a breach, and improves overall security posture.
5. Updated security policies and guidelines
In addition to updating software regularly, local governments must take into account the changing nature of how work gets done. With more employees working remotely, municipalities must update their security policies and guidelines accordingly. These guidelines can include strengthening firewalls, reinforcing VPN policies, educating employees about network security in their own homes, and having security teams tighten security around personal devices.
Increase cyber resilience and preserve trust
These highly-targeted cyber attacks will continue to prove a formidable challenge to many small towns and municipalities. As part of our mission to make the world a safer place, SecurityScorecard has partnered with public sector organizations such as the National Association of State Chief Information Officers (NASCIO) and the National Association of Counties (NACo). These alliances enable us to share critical cyber threat information, raise the cybersecurity and risk posture of state and local governments, and help mitigate the threats to communities.
To prevent ransomware attacks and other types of cyber intrusions on local governments, institutions must have up-to-date cybersecurity tools and cyber hygiene practices that are followed by everyone. To prevent and respond to these types of incidents, continuous monitoring can identify the blind spots in your digital footprint and help protect the attack surface from every angle. In the event of a confirmed or suspected ransomware attack, having an incident response team in place is crucial for help with digital forensics, remediation, and recovery. For more information on how to better secure your organization, visit SecurityScorecard.