The Center for Technology in Government has created a basic, no-nonsense primer to help local leaders identify, respond to and recover from security breaches.
To help local government leaders better understand the cybersecurity threats facing an interconnected network infrastructure, the Center for Technology in Government (CTG) has issued a primer designed to help them identify, respond to and recover from security breaches and take steps to increase their ability to manage cyber risks.
"In 2022, it will be even more important for local leaders to understand cybersecurity and their own cyber profile," according to the primer which aims to be "a launching point for helping make that happen."
The primer answers basic questions like, "What does it mean to detect a potential cyberattack?" and provides definitions of common cyberattack techniques. Links to relevant state and local laws and regulations governing cybersecurity are included as are basic prevention strategies and discussions of the importance of cyber risk management and incident response plans.
The primer presents a set of questions agencies should answer before they connect any new technology to their networks – and why the answers matter. For example, if data that is collected, stored, used or shared is protected by a specific law or regulation, local leaders must understand how the classification of that data will dictate the policy and technical controls for both government and the vendor.
Other sections cover contract language, cyber insurance, roles and responsibilities and what to expect in the event of a cyberattack. The primer says data loss, disruption of services, destruction of IT infrastructure or data and the spread of disinformation can typically follow an intrusion.
The best defense is being prepared, the primer advises. Local governments should not only evaluate their current cyber preparedness and draft an incident response plan, but they should also conduct a tabletop exercise that will help to point out strengths and weaknesses in plans, policies and procedures. A list of organizations providing tabletop exercise services is included, and links to cybersecurity grant programs are also included.
Appendices provide more detailed definitions, examples and resources, including a chart indicating what cybersecurity help various federal, state and nonprofit organizations can provide local government leaders.
“Local government leaders are responsible for protecting their government assets, yet most would say they are not cyber savvy," said Meghan Cook, program director at the University of Albany's CTG and advisor with the New York State Local Government Information Technology Directors Association. "This Primer sets forth basic information about cybersecurity from leading expert organizations while remembering that the local government leaders have numerous and varied responsibilities.”
CTG partnered with New York State Association of Counties, the NYS Conference of Mayors, and the Association of Towns of New York State to develop the primer.