The National League of Cities is partnering with NuHarbor Security to bring Tenable and Splunk tools to under-resourced municipality security teams.
Ransomware continues to be one of the most common cyberattacks – and one of the most preventable, a panel of experts said during an April 16 National League of Cities’ webinar on cybersecurity threats and solutions.
“Ransomware is only one of many types of cyberattacks, but for many reasons [attackers] appear to have focused on the municipal organizational level,” said Chris Jensen, Tenable’s federal business development and capture manager.
Municipalities not only collect and store personal information about their residents, they also tend to be under-resourced and have employees who are overworked.
“It’s like when a robber goes into a neighborhood … looking for an easy target -- who doesn’t have the dog, who doesn’t have the alarm system, who leaves the doors unlocked, who leaves the lights off,” Jensen said. “Ransomware has a similar … approach.”
He offered several ways that municipalities can fight back. The first is to train workers to use strong passwords and institute two-factor authentication to strengthen identity management. Then, cities must train employees to recognize phishing attacks and report -- rather than clicking on -- suspicious, unsolicited links.
Meanwhile, IT managers must ensure that they are addressing vulnerabilities as soon as patches become available, Jensen said.
However, time is not necessarily of the essence for ransomware attackers, he said. “Most of the vulnerabilities that are exploited by attackers are more than a year old,” he explained. “In other words, they were made public a year ago, a patch was available to update the system to fix that vulnerability, but for whatever reason, the operator never did it.”
By establishing and following a disciplined vulnerability management program, agencies can go a long way in shoring up their defenses, Jensen said.
Other challenges common to cities, towns and villages include a workforce gap and playing a game of catch-up. For instance, it’s hard for municipalities to compete with the salaries that bigger cities or the private sector can offer. That’s where “the outsourcing of some of this becomes crucial,” Jensen said.
Additionally, many smaller communities tend to be reactive, rather than proactive, and focus on what to do after an attack, said Tim Woodbury, director of state and local government affairs at Splunk.
“Too often, cybersecurity seems to be ‘clean up on Aisle 7.’ You just sit back and wait,” Woodbury said. “They think the fancy defensive measures are too hard to implement for a city of their size or not approachable from an expense standpoint.
A recent agreement between NCL and NuHarbor Security “is trying to prove otherwise,” he said.
The partnership aims to help NLC’s more than 2,000 member cities improve their cybersecurity posture. Through a pilot program, members can make use of the solutions from Splunk, a data analytics and cybersecurity software company, and Tenable, a cybersecurity services provider, for free for 45 days. NuHarbor plays an integrator role, helping cities, towns and villages integrate the solutions they have, such as antivirus and firewalls, with solutions from Splunk and Tenable.
The partnership came about when NLC CEO Clarence Anthony began discussing with Woodbury ways to help cities suffering from ransomware attacks. In 2019, more than 205 organizations said they had such an attack -- a 41% increase from the year before, according to The New York Times. In 2020, ransom demands averaged almost $850,000, according to Palo Alto Networks research, but the city of Baltimore estimated that its May 2019 attack will cost it at least $18 million.
Woodbury said that he and Anthony found that part of the problem is in accessing cybersecurity tools.
“We [decided we were] going to specifically design this program to be an easy onboarding experience and have the right tools to set up cities for success as they look to address ransomware,” Woodbury said.
“The NuHarbor partnership’s shared goal is to help improve the ability of NLC member towns, cities and villages to defend themselves from the growing threats of ransomware and other cybersecurity attacks,” said Linda Gatti, program director of strategic partnerships and development at NLC.