By taking advantage of free resources, education and partnerships, local officials can better prepare themselves for inevitable attacks.
The cyberattack against Fremont County, Colorado, earlier this month highlighted the need for governments to be prepared for hacks in the face of ever evolving threats by leaning into collaboration and free training, experts said.
The attack brought down government services and forced Fremont County to build a temporary website with updates on how services were affected. It also prevented county employees from accessing their email. During a meeting of the Fremont County Board of Commissioners last week, Chair Debbie Bell said that administrative staff were forced to write around 330 staff paychecks by hand so that employees could be paid at the end of what she described as an “incredibly rough week.”
This cyberattack came as state and local governments face continual, evolving threats in the face of tight budgets that prevent investment in cybersecurity and increased risk related to remote work resulting from the pandemic.
In response, national groups have tried to prepare governments for the eventuality of an attack. The National Association of Counties (NACo) issued a guide for county leaders that attempted to cast cybersecurity terms and practices in layman’s terms and help them understand its importance.
NACo Chief Information Officer Rita Reynolds said it is imperative for local governments to take advantage of the Department of Homeland Security’s Multi-State Information Sharing and Analysis Center, which alerts local officials to new threats and provides training and other resources at no cost. NACo and the Cybersecurity and Infrastructure Security Agency also provide free cyberattack simulations to help governments prepare for an attack.
Partnerships are key for local governments when recovering from a cyberattack. After Fremont County’s attack, an incident response team jointly led by Fremont County Emergency Management and the Governor's Office of Information Technology, with support from the Colorado Division of Homeland Security and Emergency Management, the Colorado State Emergency Operations Center and federal partners, began investigating the cause and those behind it.
"When it comes to fighting against cybercrime, we are stronger together," Colorado Chief Information Security Officer Ray Yepes said in a statement.
Reynolds said elected officials have shown a greater awareness of cybersecurity issues, especially as requirements like multi-factor authentication (MFA) have become standard practice in everyday life.
“In our personal lives, we are more aware and recognize what could happen to us on a personal level if we don't have MFA on our online banking and things like that,” she said. “That has helped significantly. And when peers talk to peers from other counties, this is a topic of conversation.”
To encourage greater collaboration and information sharing between different levels of government, some states have appointed chief cyber officers in a bid to unify those efforts or have expanded cross-border partnerships.
Cooperation is key between governments, said Casey Dolen, senior policy analyst for cybersecurity at the National Governors Association, as they often face similar issues in cyberspace. And, she said, if one government is weak on cybersecurity it could put others at risk.
“These governments, regardless of what level they're at, they're very alike,” she said. “They want to make platforms easy to use, and the government easy to interact with. With that shared goal, it definitely makes [security collaboration] easier,” she said. The teamwork helps build strong partners because with “cybersecurity, you're only as strong as your weakest link,” Dolen said.
In the meantime, Fremont County’s recovery is ongoing, with commissioners reliant on paper handouts and folders rather than computers at their most recent meeting. “Nobody is in danger, but there’s a lot of weird stuff that’s happening,” Commissioner Dwayne McFall said during the meeting.