Ransomware response requires better federal, state, local coordination
Just_Super/Getty Images
Federal agencies most involved with cybersecurity should improve communication with each other and with other levels of government, GAO said.
State, local, tribal and territorial governments could benefit from better collaboration with the federal government on preventing and responding to ransomware attacks, a Nov. 16 report found.
The Cybersecurity and Infrastructure Security Agency (CISA), the FBI and the Secret Service are the primary federal agencies responsible for ransomware response and prevention, but they do not have formal processes in place to coordinate between themselves and state and local government entities, according to the Government Accountability Office.
The GAO also found that while state and local governments are generally satisfied with the ransomware assistance provided by the federal government, they struggle to identify the services available to them. Some tribal nations were concerned that CISA’s outreach was too focused on the state level and left them uninformed.
Meanwhile, governments that contacted the FBI for assistance said the bureau had issues with “inconsistent and timely communication.” And while K-12 educational institutions are a key target for ransomware—as seen with the recent attack against the Los Angeles Unified School District—CISA and the Department of Education do not interact much with schools on cybersecurity, other than to offer them resources and guidance.
In response to these concerns, the GAO reiterated a recommendation it made in September that the three federal agencies improve interagency collaboration and coordination and evaluate how best to address the concerns raised by state and local governments. And it called on the Department of Education, CISA and other stakeholders to establish a government coordinating council to work on cybersecurity issues with K-12 institutions.
With the promise of $1 billion in federal grant money from CISA, state leaders are optimistic they can foster greater cooperation between all levels of government and bring them all up to the same level of preparedness and training. And with ransomware attacks only increasing in frequency and intensity, state leaders said it is imperative governments work together.
“Ransomware is always in the headlines recently, and if your business is not resilient, if your agency is not resilient, then you could have a serious business disruption,” Hemant Jain, chief information security officer at the Indiana Office of Technology, said during a recent GCN webinar. “If we can establish a few elements at an introductory level, then we can establish a good baseline and continue to move on from there.”
Many have recognized that the $1 billion in federal funding is just a start and must be part of a wider effort to change states’ cybersecurity culture for the better, given that trillions of dollars are needed to truly support cybersecurity.
Jim Richberg, a former cybersecurity chief at the Office of the Director of National Intelligence who is now chief public sector CISO and vice president of information security at cybersecurity software company Fortinet, said in a recent interview the initial figure is welcome, but is “decimal dust.”
Instead, he said, the requirement that states have a cybersecurity governance committee and think strategically about how they collaborate across agencies is just as significant, as it requires states to show they are thinking about cybersecurity “systematically” and not just buying “cool toys that are going to become obsolete.”