Why Whole-of-State Cybersecurity Is the Way Forward
U.S. State, Local, Tribal, and Territorial (SLTT) government organizations suffered their fair share of ransomware attacks in 2021. Take local government entities as an example. They were the second highest victimized group behind academia that year, according to a private industry notification (PIN) from the FBI. Between January and December 2021, Emsisoft observed 77 ransomware attacks involving these bodies. The attacks generally targeted smaller municipalities and counties, with the security firm putting the total cost of the attacks to taxpayers at $623 million.
Clearly, many SLTTs can stand to improve their defenses against ransomware and other threats like supply chain security incidents and data wipers. But SLTT organizations can't always afford to do this on their own. Many don't have the internal resources and cybersecurity professionals to achieve economies of scale and gain visibility into their interconnected systems. Fortunately, they don't have to do this on their own. There's an approach by which SLTTs can pool their resources to navigate all these challenges. Let's explore how to put this approach into practice.
Contextualizing the Ransomware Threat to SLTTs
The primary ransomware threat confronting SLTTs is the harm that constituents can experience in the aftermath of an attack.
"Recent reporting indicates ransomware incidents against local governments resulted in disruptions to public and health services, emergency and safety operations, and the compromise of personal data," the FBI explained in its PIN. "These types of attacks can have significant repercussions for local communities by straining financial and operational resources and putting residents at risk for further exploitation."
Several incidents in 2021 provided real-world evidence of this harm. In May, cyber threat actors (CTAs) infected a U.S. county network with PayOrGrief ransomware. The attack affected some of the county's servers and disrupted online services including scheduling COVID-19 vaccination appointments. Additionally, those responsible for the attack made off with 2.5 GB in stolen information including internal documents and personal data.
Just a few months later, the FBI learned that CTAs had infected another U.S. county network with ransomware. The attack forced the closure of the county courthouse, delaying scheduled legal proceedings. It also involved the theft of personal information from residents, employees, and vendors, data which the CTAs sold on the dark web after the county refused to pay the ransom.
Shift to a Whole-of-State Cybersecurity Approach
These ransomware attacks are among several challenges that have led many in the industry to advocate for a whole-of-state cybersecurity approach. It's a methodology in which SLTT leaders work together to increase the availability of their cybersecurity resources and facilitate the sharing of information throughout the community. This is especially relevant at the state level, reported GovTech, as leaders there can use a whole-of-state cybersecurity approach to provide local governments and other underfunded entities with tools they need to safeguard their systems.
Understanding the Rise of Whole-of-State Cybersecurity
Whole-of-state cybersecurity is gaining in popularity for a few reasons. One factor is that this methodology acknowledges shared cyber risks between organizations in the same industry. With respect to the public sector, malicious actors don't discriminate between different levels of government. SLTTs of all sizes and types share these risks, so by sharing their resources, they can increase their level of defense both individually and as a community.
Another factor driving SLTTs and other organizations to embrace whole-of-state cybersecurity is reduced duplication of work and effort. State, local, tribal, and territorial entities can't go it alone when it comes to managing shared cyber risks. They just don't have the necessary resources or internal expertise to make it work. And the increasing interconnectivity of systems is only making the challenges more complex and difficult to contain.
Fortunately, SLTTs don't need to come up with an answer on their own. The Center for Internet Security (CIS) has been working for more than two decades on solutions that streamline this duplication, save time, reduce costs, and improve efficiency for all SLTTs. We leverage our Multi-State Information Sharing and Analysis Center (MS-ISAC) to provide incident response and remediation along with tactical, strategic, and operational intelligence to all SLTTs. In doing so, we cultivate an effective level of security that's shared across the U.S. public sector – all at no cost to the member organizations themselves.
A Communal Spirit for the Future
A whole-of-state approach to cybersecurity can help different organizations draw upon the experience and resources of one another for building a coordinated defense posture. In the public sector, the MS-ISAC is a community through which SLTTs can already do this. To get started on this path, all organizations need to do is become a part of this growing community.