Last week, NACo kicked off its first Cyber Symposium as part of President Chris Rodgers' initiative, calling the attention of county leaders, chief information officers, and IT staff members to the growing threats in the cyber world. National cyber security experts gathered at the University of Nebraska Omaha to learn about the threat, develop best practices, and explore the cyber security legislative landscape. This issue is of national importance – as recently as last Thursday, the U.S. House of Representatives passed the Cyber Intelligence Sharing and Protection Act (CISPA), further encouraging collaboration between companies and all levels of government to share information about cyber-attacks. Cybersecurity threats affect all sectors, all industries and all individuals, requiring stakeholders to share the responsibility and do their parts to promote a healthy cyber ecosystem.
The global reach of cyber threats creates the need for an integrated response involving partnerships between governments and the private sector. The increasing dependence on the internet as a tool for information sharing, coupled with its interdependency with critical infrastructures like government, transportation, banking and finance, telecommunications, and public safety has led to widespread and damaging effects of cyber-attacks. Additionally, the increased use of social media, cloud and mobile devices has led to a near 680% increase in cybersecurity threats against U.S. government systems from 2006 to 2012. Counties share the responsibility in creating and participating in preventative and corrective actions and policies to protect themselves, their constituents and their employees.
As cybersecurity threats become more sophisticated and damaging, the issue has become a federal priority. In 2003, the Bush administration signed the National Strategy to Secure Cyberspace, which calls for a federal center to track attacks and encourages government-industry cooperation. As a result, the Department of Homeland Security (DHS) established the National Cybersecurity and Communications Integration Center (NCCIC), to coordinate national action and work directly with federal, state, and local governments to share and implement sound cybersecurity policies and strategies.
County officials should promote effective policies, procedures and infrastructure by tapping in to these federal programs and collaborating with other levels of government and industry. The Multi-State Information Sharing and Analysis Center (MS-ISAC), DHS’s information sharing conduit, currently provides all 50 participating states, Washington DC, and 272 local governments – including 112 counties – with a 24/7 watch and warning security operations center. Through this system, state and local officials are provided with real-time risk information updates, from a combination of sources including federal entities, the intelligence community, and the private sector.
The Cyber Security Evaluation tool (CSET) is one assessment tool that helps counties measure and analyze their cybersecurity capabilities, techniques and policies. Offered by DHS, this desktop software tool uses industry and government standards and a four-step assessment process to analyze an organization’s cyber security and readiness to handle an attack. CSET then reviews and identifies the counties’ cyber policies and procedures that need development to achieve the desired level of security, providing a range of techniques that can be self-applied or those requiring expert support. Another such tool available to county governments is the Cyber Storm exercise which examines and validates an organization’s operating procedures and information sharing mechanisms. These simulated exercises are being routinely administered in order to track interagency communication to establish sound cybersecurity defense.
In the constantly evolving world of technology, county governments must work collaboratively to protect themselves, their constituents and their information. Partnerships with other governments and the communications industry provide counties access to tools that assess cybersecurity and expert advice on how to improve their capabilities and promote a healthy cyber ecosystem.