Longtime ELGL member and friend Luke Fretwell is the CEO of ProudCity (the platform that powers the website you’re reading this post on). Over the years, he’s proven himself to be a gifted digital services thought leader and wise counsel on the technology trends that are most important to local governments.
(I once called him the Bubba of hypertext transfer protocol secure (HTTPS), or the secure version of HTTP, because he could talk about HTTPS with anyone, anytime, anywhere, similar to Bubba’s long listing of the types of shrimp in the movie “Forrest Gump.”)
And so, when Luke began flooding my Slack inbox with some scary headlines, I knew it was serious and that local government and ELGL needed to sit up and pay attention. Here’s a sampling of what he shared:
“From issuing business licenses and building permits and collecting taxes to providing emergency services, clean water and waste disposal, the services provided by local governments entail an intimate and ongoing daily relationship with citizens and businesses alike. Disrupting their operations disrupts the heart of U.S. society by shaking confidence in local government and potentially endangering citizens.”
“On Oct. 18, 2021, hackers using two email addresses purporting to be from U.S. businesses targeted unnamed county election employees with Microsoft Word documents posing as invoices. The documents also led targets to online credential harvesting websites.”
Recently, ELGL hosted a webinar about data security and a case study from the City of Durham, NC – here’s that headline:
“In researching the situation, he tells me, the majority of spend for municipalities is found in maintaining aged and neglected infrastructure as well as new infrastructure to support urban development. “That leaves IT, and IT security, way down on the list of priorities for funding,” Thronton-Trump continues, “new computers, routing and switching is not ‘sexy’ and is not a “ribbon-cutting political event” like new infrastructure is.””
I’m sharing these four links in the hopes that if you’re reading this, you’re now as worried about local government cybersecurity as I am. I’m legitimately scared for the thousands of local governments that ELGL works with. So I’m writing today’s Morning Buzz as my way of taking the fear that Luke instilled in me, and paying it forward.
One of the questions that Luke asked me, is if local government is fully grasping or understanding the urgency and seriousness of ransomware and cybersecurity and so I want to ask it here for your feedback. My gut sense was that the general local government population isn’t thinking about cybersecurity as often as they’re thinking about top-of-mind items like ARPA, COVID recovery, budget development, homelessness, etc.
I’d love to hear more about what your organization is doing, as ELGL continues to find and present information on this important topic. We’ll begin finding more ways to share resources and approaches with ELGL members, both targeted toward general local government folks, as well as more specialized training for IT professionals.
For now, here are some resources that may be helpful:
- CISA stands for the Cybersecurity & Infrastructure Security Agency. Adversaries use known vulnerabilities and phishing attacks to compromise the security of organizations. CISA offers several scanning and testing services to help organizations reduce their exposure to threats by taking a proactive approach to mitigating attack vectors.
- CISA recommends you further protect your organization by identifying assets that are searchable via online tools and taking steps to reduce that exposure.
- CISA cybersecurity assessment services are available at no cost.
- Federal, state, local, tribal and territorial governments, as well as public and private sector critical infrastructure organizations can receive free services
- Vulnerability Scanning and Web Application Scanning typically begin within one week of returning the appropriate forms.
- Cyber Hygiene services are provided by CISA’s highly trained information security experts equipped with top of the line tools. Our mission is to measurably reduce cybersecurity risks to the Nation by providing services to government and critical infrastructure stakeholders.
- To get started – email CISA at [email protected] with the subject line “Requesting Cyber Hygiene Services.”
- Shields Up is a CISA initiative
- Russia’s invasion of Ukraine could impact organizations both within and beyond the region, to include malicious cyber activity against the U.S. homeland, including as a response to the unprecedented economic costs imposed on Russia by the U.S. and our allies and partners.
- Evolving intelligence indicates that the Russian Government is exploring options for potential cyberattacks.
- Every organization—large and small—must be prepared to respond to disruptive cyber incidents. As the nation’s cyber defense agency, CISA stands ready to help organizations prepare for, respond to, and mitigate the impact of cyberattacks. When cyber incidents are reported quickly, we can use this information to render assistance and as warning to prevent other organizations and entities from falling victim to a similar attack.
- CISA recommends all organizations—regardless of size—adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets. Recognizing that many organizations find it challenging to identify resources for urgent security improvements, we’ve compiled free cybersecurity services and tools from government partners, and industry to assist. Recommended actions include:
- Reduce the likelihood of a damaging cyber intrusion
- Take steps to quickly detect a potential intrusion
- Ensure that the organization is prepared to respond if an intrusion occurs
- Maximize the organization’s resilience to a destructive cyber incident