The White House is urging U.S. mayors to immediately huddle with their state’s agencies to audit their cybersecurity profile and business continuity plans, in a tacit admission of security weaknesses at local levels of government.
Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger, in a virtual meeting with the bipartisan U.S. Conference of Mayors, outlined the Biden administration’s four point strategy to fight ransomware:
- Disrupt ransomware infrastructure and actors by working closely with the private sector.
- Foster international cooperation to hold countries that harbor ransom actors accountable.
- Expand cryptocurrency analysis to find and pursue criminal transactions.
- The federal government’s review to build a cohesive and consistent approach towards ransom payments.
Neuberger's comments could provide MSSPs (managed security services providers) with key opportunities in the state and local government market. Indeed, savvy MSSPs can leverage the comments to check in with municipalities, deliver or recommend third-party penetration testing and cyber audit services, and provide associated cyber and data protection advice.
Federal Agencies Stand Ready to Assist
There are strong implications for Neuberger's promising federal government cybersecurity support to the nation’s mayors. If faced with a ransomware incident, state and local governments can tap federal resources, including the Federal Bureau of Investigation’s (FBI) cybersecurity specialists and those from the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA), she told the mayors.
Still, Neuberger did not offer any specific details about the federal government pursuing ransomware crews either backed by adversarial governments or unaffiliated operators. She touted the Biden administration’s recent executive order focused on improving the nation’s cyber posture, threat intelligence sharing, and cyber attack response. While the executive order will likely extend to IT service providers that work with the federal government, it could cut across those who work at the state and local levels as well.
In addition, Neuberger promoted the federal government’s public-private Cybersecurity Industrial Control Systems Initiative and its associated pilot program to strengthen cyber resilience in the electric sector. Similar initiatives to secure other critical sectors such as pipelines, water and chemical plans will follow the energy pilot program, she said.
Experts Weigh In
Security specialists weighed in on Neuberger’s approach to cybersecurity at the local level. Richard Blech, XSOC founder, called it a “proper and proactive” response to heightening cyber threats. “Not only must U.S. mayors take the initiative to incentivize tech companies within their community to create project plans with milestones for delivery of solutions but mayors should collaborate and share findings and solutions,” he said.
Security practices at the town and city levels are “particularly vulnerable,” said Purandar Das, Sotero chief security evangelist and co-founder. “The administration should provide both financial and administrative help to upgrade and improve the security practices.”
At the mayors’ conference in 2019, local elected heads resolved to no longer accede to any ransom demands from hackers, following a series of cyber shakedowns that have extorted millions from city governments. The resolution, while not legally binding, establishes an official position that U.S. mayors aren’t going to take it anymore. It also sets up opportunities for managed security service providers (MSSPs) to work with local governments to combat and recover from ransomware attacks.
In 2019, ransomware crews laid into 113 federal, state and municipal governments and agencies, according to security provider Emsisoft’s data. In the first half of 2020, hackers have kept the same pace with at least 60 government entities bitten by ransomware, including cities, transportation agencies and police departments.
A lengthy list of cities and towns of all sizes, most prominently Atlanta, Baltimore, Jupiter, Florida, New Orleans, New York City, Richmond Heights, Ohio and many others have been hit with substantial ransomware attacks. At the federal level officials have vowed to recruit the private sector to assist state and local governments to push back against ransomware attackers.
Cybersecurity Services for U.S. Municipalities: Starting Points
Based on successful attacks against numerous cities, many U.S. municipalities should include the following in their security makeup:
- Backup software/services and associated testing services.
- Endpoint, network and cloud security.
- Cybersecurity awareness training.
- Patch management.
- Best practices such as multi-factor authentication.
No doubt, savvy MSSPs are pitching those IT services and more to their state and local government officials.