Capsicum participated in the Cybersecurity for Local Government Conference, an examination of unique cybersecurity challenges faced by local governments. Particularly with the increased malicious activity in the wake of COVID-19, it is important for government bodies to remain vigilant.
The event was hosted by Cyber Florida in partnership with the University of South Florida’s School of Public Administration, the Florida League of Cities, the Florida City and County Management Association, the Florida Association of Counties, and the Florida Local Government Information Systems Association. Capsicum participated in a series of workshops geared to prepare local governments and improve cybersecurity posture.
Read on to learn about three key Cybersecurity issues influencing the public sector.
1. Cybersecurity is No Longer an Optional Consideration for Public Administration
Unlike building a new bridge or repaving a roadway, allocating resources for cybersecurity is no longer something that can be postponed. County and municipal governments are fast becoming popular targets for cybercriminals, especially for ransomware attacks, which can wreak havoc for these organizations and the citizens they serve. The goal of government at all tiers is to serve its citizenry, and therefore being attuned to the very practical threat cybersecurity poses to communities is paramount. As recent cases have demonstrated, the risk of imminent harm and impact on the community is too immediate. If cities go down, people’s lives are at risk; emergency responders cannot react; and vulnerabilities present opportunities for chaos.
Public-facing leaders need assistance in making a case to the public about allocating large budget sums to cybersecurity projects (instead of more tangible problems like infrastructure or staffing). Local leaders should strive to use all communication channels to garner public support and remove the perception that cybersecurity a highly technical, difficult, or obscure issue the public can’t grasp. One idea is holding focus group meetings to address budget issues with the public, to illustrate the importance of cyber safety. Government officials should leverage social media channels to share the need for increased investment in cybersecurity. And as a citizen, take it upon yourself to approach elected officials about this issue!
Still, proper support, resources, and money will only be half of the solution. Although governments should strive to employ as much technology as possible, the proper tools can only take you so far. Governments should start by utilizing technology, such as enacting intrusion detection systems and external email warnings, security assessments, regular tabletop exercises, as well as implementing basic policies and [procedures such as mandating that no passwords may be written in physical form in proximity to workspaces. While these are essential first steps, governments must continue to train employees by implementing mandatory cybersecurity training.
Because social engineering plays on human nature, we must continuously train staff, both technical and non-technical, about the ploys and tactics of phishing and ransomware. Both employees and government employers would benefit from making cyber competency and testing a core component of employee performance review. While this may involve a large workplace cultural shift, human capital requires as much investment as technology and infrastructure.
2. Government Leaders Must Establish Relationships and Be Familiar with The Resources Available in the Event of a Cyber Incident
Government entities shouldn’t wait until a breach occurs to be in touch with cyber professionals; the key is to be proactive rather than reactive. By having relationships and incident response retainers in place prior to an incident, governments (and businesses and individuals for that matter) will be able to reduce costs while increasing trust and response time. With an Incident Response Retainer, local government can remove uncertainty when responding to a breach or attack. Capsicum provides a highly skilled team of law enforcement and military trained technology professionals to quickly respond, investigate, communicate, preserve and remediate your cyber breach. Not only are we by your side during an incident, but we also audit and prepare your organization and team on an ongoing basis.
Accordingly, vendors are often an integral part of government infrastructure and key players in many localities’ incident response plans. These relationships need to be well established, however, as an underprepared or unsecured vendor could become part of local government’s attack surface. In general, public entities are large targets, and having a subpar vendor with unsecured access to critical information will only serve to increase that exposure.
Although vendors can be an integral part of a government response plan, it is important for government leaders to remember that in addition to private cybersecurity teams, there are public resources available. Having relationships with law enforcement is also important. For example, Homeland Security has been “rebranded” as CISA (“Cybersecurity and Infrastructure Security Agency”). CISA’s goal is to serve as the nation’s risk managers, offering counsel about cyber-preparedness and risk mitigation. Likewise, the FBI can play an integral role in catching cyber-perpetrators. Having these federal resources available for local governments to rely upon is important, particularly given the fact that 80% of critical infrastructure is owned and operated by state, local, and municipal entities.
3. Government Entities Need to Start with the Right People and the Right Plan to Ensure the Right Response.
Sadly, most jurisdictions are behind on their cyber strategies. As a matter of circumstance, it seems the most prepared jurisdictions and local government bodies doing the most to enact cyber protections are those who have already been hacked. Clearly, a major shift that needs to take place regarding cybersecurity, one that prioritizes preparedness into government processes and does not allow the concern to become an afterthought.
Implore your government leaders to learn from other municipalities, to be proactive, and to start preparing at the outset. At a very basic level, every government entity should have a leader ready to react according to an Incident Response Plan. A Cyber Incident Response Plan or a NIST Assessment are the government’s playbook for reacting and responding. City and county managers, their department heads, and elected officials must be prepared to execute the response plan and have a unified voice across government offices. Accordingly, officials should routinely exercise the response plan with everyone in the office. Offices should play out scenarios to ensure that essential operations systems for different departments (fire, police) can function during a compromise; offices must be prepared to pull the plug and shut systems down once there has been a DDoS attack; offices must have secondary methods of billing and processing; etc.
In addition to having employees and vendors ready to respond, Crisis Communication is an essential part of an emergency response. It is critical to maintain communication throughout the course of an incident. Have a chosen spokesperson who is involved in deciding how much to tell the public, what the risks are if the public is not sufficiently informed, how to articulate the solution to the problem and deliver the best message. The public will be sensitive to a data breach or cyber incident, so the public relations piece should be immediate and concurrent with the discovery of an event so that victims of a breach know what relief is available, what action to take, and what recourse will be available to them.
With years of experience mitigating cyber-threats, including company insiders, misconfigurations, missing security updates, malware, and programming errors, Capsicum’s team knows how deeply a company suffers when an intruder exploits their network’s vulnerabilities. For companies seeking more robust security in their current network, our team members perform a thorough, top-down assessment to create a unique security profile for your company.
Our Certified Ethical Hackers (CEH) and Computer Hacking Forensic Investigators (CHFI) provide risk assessment, penetration testing, code review, cloud security, threat hunting, and phishing attack simulation in order to create a unique security profile for your company by flagging vulnerabilities and anticipating weaknesses within your technical infrastructure and verifying that the policies, procedures, and controls you have in place are truly being enforced. With Capsicum at your side, risk assessment, penetration testing, code review, cloud security, threat hunting, and phishing attack simulation are just a few of the services our team of law enforcement and military-trained technology professionals can perform. If your business network has already been compromised, we use state-of-the-art forensics techniques to investigate all possible threats and respond to incidents quickly and effectively. We then work with you to set up world-class solutions that minimize your risk of future incidents.
If you have additional questions regarding any of our services, please do not hesitate to contact us either by phone or email.