4 steps for improving cyber preparedness
- By Daniel Rosenthal
- Sep 07, 2016
Recent news reports suggest that election systems may be the latest targets of cyberattacks, potentially at the hands of sophisticated nation-state actors. In the run-up to federal, state and local elections this November, the prospect of these attacks is unsettling -- both the idea of actual manipulation of voter information, and the fear that just the potential for such attacks could undermine the legitimacy of an election or create the conditions for losers to cry foul.
State and local governments collect and store vast amounts of sensitive personal information to provide vital services to their residents -- from law enforcement to corrections, health and education services. They have a vast attack surface that makes them prime targets for cyberattacks.
It is long past time for governments at all levels to recognize the importance of enhancing their cyber preparedness and take meaningful steps to do so. While some are already on the way toward better cybersecurity, many risk falling even farther behind. Below are four primary steps that state and local governments should take now:
Prioritize cyber. The first step toward cyber preparedness is for the leadership to recognize cybersecurity as a matter of systemic importance and to elevate cyber preparedness on the overall governance agenda. Doing so will help ensure that cybersecurity remains a top priority for state and local government leaders and that they are prepared to dedicate the resources necessary to bring about improvements in cyber preparedness.
Assess. A comprehensive assessment regarding the current level of cyber preparedness will help with the development of both a realistic plan for improvement and allocation of resources to efficiently execute on that plan. Cities and states are large and complex enterprises, with dozens of departments and agencies that often operate their own IT infrastructures. An assessment will give leaders a cyber preparedness baseline, which can inform how best to allocate limited resources to make impactful near and long-term changes.
Enhance and remediate. Once cyber preparedness has been fully assessed, government leaders must then develop a comprehensive yet realistic and manageable plan, with concrete and measurable milestones, to bring about meaningful improvement to its overall cybersecurity posture. A comprehensive plan will necessarily include upgrades to the information systems and the controls on those systems, modifications to the policies and procedures that regulate the use of technology and the security protocols in place to protect sensitive information and critical government systems. Other elements of the plan should include programs to educate the state workforce as to the risks posed by cyberattackers, measures to address residual risk through cyber insurance and enhanced coordination with federal authorities with regard to threat information sharing and incident response.
Although the prospect of designing a comprehensive plan can seem daunting -- especially to jurisdictions that recognize they have a significant amount of work to do -- even modest improvements can have impactful results.
Ongoing vigilance. In the cyber domain, continual improvement is absolutely vital. Given rapid technological advances and the growing global reliance on the connected world, today’s cutting-edge cyber program will be woefully inadequate tomorrow. It is therefore critical that state and local governments commit to ongoing vigilance through a plan for regular assessment and enhancement. Doing so will help prevent the evaporation of gains in cyber posture and provide continued opportunities to make additional improvements.
While it will always be the case that government will be vulnerable to attacks carried out by determined and sophisticated cyber actors, by taking the steps outlined above, the state and local leaders can reduce the likelihood that they will be identified for an attack, minimize the chances that the attack will be successful, mitigate the damage that could result from the attack and enhance their ability to recover from it.
Daniel “DJ” Rosenthal is an associate managing director in Kroll’s Investigations and Disputes practice.