5 Cyber Questions Sheriffs & Police Chiefs Should Ask
By: The Center for Internet Security® (CIS®) Countering Hybrid Threats (CHT) team
Published August 14, 2025
Analysts at the Center for Internet Security® (CIS®) assess state and non-state cyber threat actors will likely continue leveraging a variety of malign cyber tactics to target federal, state, county, and local law enforcement (LE) agencies. Threat actors are likely increasingly seeking opportunities to exfiltrate LE and government data that can be used to impede investigative and enforcement operations.
To defend against these threats, sheriffs, police chiefs, and other LE executives must work with their Chief Information Officers (CIOs), Chief Information Security Officers (CISOs), and their IT and information security teams. In this blog post, we'll review five questions related to cybersecurity you as an LE executive can ask. But first, let's take a moment to better understand the cyber threats confronting your LE organization today.
Cyber Threats Facing LE Organizations
In today’s increasingly complex world, LE faces diverse cyber threats from hostile foreign adversaries, organized crime enterprises, and domestic threat actors seeking to disrupt ongoing operations, impact public safety, and create public panic.
In addition to cyber attacks, such as ransomware, threat actors will likely continue to dox your personnel by publishing officers’ personally identifiable information (PII) online. Threat actors will also likely continue to use online platforms to disclose sensitive information intended to influence your operational behavior or undermine public confidence in your organization. A successful cyber attack can result in operational disruptions to your organization's computer-aided dispatch (CAD) systems and public safety answering points (PSAPs) as well as other response-related, investigative, records management, and correctional activities.
The "Existential" Threat of Ubiquitous Technical Surveillance
Additionally, recent technological advances “have made it easier than ever for less-sophisticated nations and criminal enterprises to identify and exploit vulnerabilities created by ubiquitous technical surveillance (UTS),” which is the collection and analysis of data to link targeted individuals to events or locations, according to the U.S. Department of Justice (DOJ). Threat actors can leverage UTS to undermine your organization's LE operations and compromise officer, informant, and witness safety, leading the Central Intelligence Agency (CIA) to describe the UTS threat as “existential.”
What Cybersecurity Questions LE Should Ask
With the threats discussed above in mind, you should ask the following five questions on cybersecurity.
1. Have we conducted a cybersecurity assessment within the past year?
Periodic cybersecurity assessments provide a way for your organization to identify, assess, and remediate vulnerabilities or gaps in cybersecurity protections and minimize the risk of exploitation.
As you know, there is an ongoing risk of cyber attacks targeting LE and associated government entities like yours, which threat actors assess as high-value targets due to the sensitive and critical nature of the data they possess as well as their low tolerance for operational downtime.
Your LE organization can reference the CIS Controls Self Assessment Tool (CIS CSAT) to identify where you've implemented CIS Controls Safeguards and where you can strengthen your weak points.
2. Do our security capabilities align to security best practices?
By implementing security best practices, including the CIS Critical Security Controls® (CIS Controls®), your LE organization can minimize the risks of data compromise and exploitation related to your communications and information systems.
The CIS Controls are a prescriptive, prioritized, and simplified set of security best practices that you can use to strengthen your cybersecurity posture. The CIS Controls consist of 18 overarching measures with accompanying CIS Safeguards that guide the logic of implementing these top-level controls. The Implementation Groups (IGs) assist organizations with prioritizing the implementation of the CIS Controls and Safeguards, with IG1 representing essential cyber hygiene and IG2 and IG3 building on the foundation laid by IG1.
Like other LE agencies, your organization should strive to achieve IG3, which comprises all the CIS Controls and Safeguards and represents the highest cybersecurity standards.
3. Is UTS part of our cybersecurity awareness training program?
To defend against the risks associated with UTS, your organization should make UTS an element of your cybersecurity awareness training and include education on how employees can sanitize their online presence.
According to the U.S. DOJ, there are five categories of UTS data: travel, visual and physical, online, electronic signals, and financial. Threat actors can combine and aggregate UTS data from various sources to identify, track, and threaten law enforcement officers, witnesses, and informants; detect, avoid, and undermine law enforcement operations; and identify, adapt to, and evade common law enforcement investigative strategies. To mitigate these risks, your organization should conduct continuous UTS vulnerability assessments and require recurring UTS training for all personnel regarding technical compromise, secure communications, and safe informant handling.
Don't forget that motivated threat actors can leverage PII leaked by data breaches or doxing to target implicated individuals, or their families, with harassment or other threats. To minimize these doxing threats, you can train your personnel on how to sanitize their online presence by deleting inactive social media accounts, conducting open-source searches of their name and other personal information, opting out of data broker websites, and requesting removal of personal information from real estate websites.
For more information on ensuring your personnel are educated on cyber hygiene, check out our guide to Managing Your Online Presence.
4. What tools do we use to protect mission-critical systems?
To preserve the uptime of your CAD systems and other mission-critical systems, you need to implement tools that can enhance your web security against known threats.
After all, disruptions of PSAPs, CAD systems, license plate readers, traffic cameras, jail management systems, and other mission-critical systems can result in significant operational and public safety impacts. According to the June 2025 Multi-State Information Sharing and Analysis Center® (MS-ISAC®) and Motorola Public Safety Threat Alliance (PSTA) report, there was a 100% increase in CAD system disruptions in 2024.
As an LE executive, you should ensure these systems are protected by solutions like CIS’s Malicious Domain Blocking and Reporting (MDBR), which leverages a list of known or suspected bad domains to prevent an organization's computers from connecting to potential sources of malware, ransomware, phishing, and other cyber threats.
5. How quickly can we recover from a ransomware attack?
You need to use security best practices to ensure that downtime is minimal and recovery is as quick as possible in the event of a successful ransomware attack.
Ransomware and data breach incidents targeting your organization can result in the exposure of your personnel’s PII and significant operational impacts. It has been publicly reported that past ransomware attacks in California and New Jersey have forced LE organizations to revert to handheld radios and pen-and-paper documentation and have rendered mobile data computers in LE vehicles inaccessible, which can compromise officer safety during responses to calls.
To improve data recovery and response, your organization should prioritize CIS Control 11: Data Recovery, which ensures that organizations maintain secure and tested backups, enabling your organization to restore operations without having to pay a ransom. Additionally, your organization should review and implement the Blueprint for Ransomware Defense, which incorporates the CIS Controls and provides foundational and actionable safeguards to protect systems against ransomware attacks.
Build Your Foundation for Mitigating LE Cyber Threats
Threat actors will likely continue exploiting LE’s reliance on networked technologies to steal data, disrupt technology, and demand ransoms, resulting in operational downtime. Within the last year, threat actors have increasingly targeted and disrupted mission-critical services and technologies using cyber techniques, impacting emergency services, downstream operations, and public safety, per the MS-ISAC and Motorola PSTA report. Additionally, there is an ongoing threat of your LE personnel being targeted via doxing or UTS, which can compromise officer safety and impede ongoing investigations.
By asking the five questions shared above, you can ensure your organization possesses the foundational level of cybersecurity needed to mitigate the broad range of cyber threats targeting LE today.

As of June 23, 2025, the MS-ISAC has introduced a fee-based membership. Any potential reference to no-cost MS-ISAC services no longer applies.