Free cybersecurity tools for state, local governments

GettyImages/ barleyman

Free cybersecurity tools are available state, local, tribal and territorial government members of the Multi-State Information Sharing and Analysis Center and the Elections Infrastructure Information Sharing and Analysis Center – they just need to know to ask for them, experts said.

Cybersecurity tools are available for free to many local governments – they just need to know to ask for them, a panel of experts said during a webinar hosted by the National Association of Counties.

“One of the challenges I have found over the past few years is knowing what resources we should be taking advantage of and being able to differentiate between one organization that provides a resource and another,” NACO CIO Rita Reynolds said during the Jan. 26 event titled “Advanced Security Resources Available for Local Government Through the Center for Internet Security.”

One tool that is available free to all state, local, tribal and territorial government members of the Center for Internet Security’s (CIS) Multi-State Information Sharing and Analysis Center (MS-ISAC) and the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC) is a malicious domain blocking and reporting (MDBR) service. CIS works to provide that through a partnership with the federal Cybersecurity and Infrastructure Security Agency and Akamai.

MDBR acts as an agency’s domain name service (DNS) and prevents endpoints and systems from connecting to malicious domains.

“It prevents malicious traffic by blocking it and not allowing it to resolve,” said Eugene Kipniss, director of partnerships and stakeholder maturity at MS-ISAC. “Every lookup that is attempted from your organization from everyone that uses your DNS centrally, that’s going to be compared against a list of known bad domains. It’s going to be checked for levels of suspiciousness.”

More than 4,000 state and local MS-ISAC members are enrolled in the MDBR program, and it has blocked 3 billion DNS requests out of 592 billion total requests since 2020 – 0.5% of all traffic routed through it, Kipniss said.

Although that sounds low, “consider how many pieces of digital touch you have across your organization, how many people and end users, how many programs are going to be beaconing out and leveraging DNS whether it’s for web browsing or for other applications and processes and needs,” he said. “If you think about the mass quantity, the sheer volume of interaction that our computing systems have with DNS, half a percent being bad is scary. It’s that half a percent that can cause you to work overtime a week trying to fix a problem.”

Of the blocked requests, 65% were known malware domains, 22% were related to malicious command and control and 5% were related to phishing.

To set it up, government agencies must replace their DNS with Akamai’s DNS server, which runs MDBR. It can be installed in less than 15 minutes, added Kathryn Boockvar, CIS’s vice president of election operations.

Another tool is endpoint detection and response (EDR), which is software that collects data from workstations and servers – the endpoints – and transmits it to a server for analysis of suspicious threats. If it finds one, the affected machine is isolated until someone can review and remediate the problem.

The federal government has provided free EDR licenses for anything that touches local elections work. “Your entire election office -- every computer that you have -- could get this for free,” Boockvar said, adding that officials can use it beyond elections-related applications for a fee of $60 per endpoint per year.

For EDR, CIS partnered with CrowdStrike in November 2021 to provide fully managed CIS Endpoint Security Services (ESS). Tailored to state, local, territorial and tribal entities, it includes more than 12,000 MS-ISAC members with more than 14 million endpoints in total.

ESS involves five modules that use the CrowdStrike Falcon platform and run through CIS’s security operations center (SOC). One is a next-generation anti-virus module that can monitor malicious threats using known signatures and behaviors that indicate a threat. It couples with the second module to automatically quarantine a potentially problematic machine. Within 10 minutes of detection, SOC analysts can rule out false positives and alert the appropriate party at the affected agency.

The third module lets agencies ask the SOC to run an asset and application inventory and monitor user access to watch for rogue devices on the network. The SOC provides a report about what machines and applications are running, what versions they're using and whether anything seems suspicious.

The fourth module involves USB device control so that agencies know about every USB plugged into their network and lets them set rules, for example, such as blocking all but a certain kind of USB from accessing their networks.

Last is firewall management, which lets agencies push rule updates out to any live device, whether it’s connected to the cloud or an on-premise location.

“The days of having a firewall and an [anti-virus] are over,” said Jamie Ward, cybersecurity solutions manager at MS-ISAC and mayor of Mayfield, N.Y. “The threats are more and more complex and that’s where the features of this endpoint security service, better known as EDR, are really shining.”

Additionally, this spring, CIS will launch a peer-to-peer collaboration portal for MS-ISAC and EI-ISAC members that will allow for listserv capabilities and file sharing to facilitate cross-jurisdictional communication. It is also readying the “Essential Guide to Election Security” in paper and electronic formats, with a plan to continuously update the digital version.

“It is one of the NACO priorities on cybersecurity that all counties join both MS-ISAC and EI-ISAC,” so they can take advantage of these resources, Reynolds said.

Stephanie Kanowitz is a freelance writer based in northern Virginia. 

NEXT STORY: Getting facial recognition right

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.