Safeguarding the Nation’s Critical Infrastructure

The resilience of critical infrastructure is a key factor in the security of any nation. The US security infrastructure has sixteen sectors whose assets, systems, and networks influence food supply, water, financial services, public health, power and more.

Previously, cybercriminals used to ignore local sectors like state/municipal governments and first responders to go after larger targets. Now, cybercriminals and hackers are getting more interested in smaller businesses and organizations who often have fewer security measures in place. As a result, state and municipal governments are being attacked more often.

How to Safeguard the Nation’s Critical Infrastructure

Unfortunately, according to the 2017 US State and Federal Government Cybersecurity Report, government organizations are among the bottom performers in overall industry security ratings (only above telecommunications and education). As local governments constitute a big portion of the overall national infrastructure, it’s becoming more critical to pay attention to the security vulnerabilities of these smaller, often less-secure, entities.

 

Why Hackers Target State and Local Governments

As corporations started to implement preventive measures to stop cybercrimes, it became harder for hackers to penetrate corporate firewalls. But smaller organizations like state and local governments still provide easy opportunities due to the following reasons:

Lack of Security: Many state and municipal agencies (libraries, police departments, county courthouses) are often under-resourced. They also don’t have the necessary IT security expertise on-staff to implement a comprehensive strategy, making it difficult for these organizations to prepare for cyber attacks. Furthermore, many agencies don’t prioritize possible infrastructure threats. Security takes a back seat to more pressing matters.

Lack of Funding: Agencies often lack the funding to purchase preventive solutions like the latest antivirus software or firewalls. In the case of budget cuts, security measures are often first to go. This leads to a target-rich environment for hackers.

Private Information: Government offices are rich sources for finding sensitive and personal data. Their networks can also be the gateway to federal databases. So more hackers and cybercriminals are launching attacks focused at states and municipalities.

The Risks of Infrastructure Vulnerabilities

The small-scale attacks on local infrastructure can have enormous consequences. The recent attack on the city of Atlanta serves as a cautionary tale. Hackers used a malware called SamSam to ask the city of Atlanta for a $50K ransom. Even though it’s not clear if the city paid, the hackers didn’t remedy the situation. The city had to recover on its own–to the tune of $2.6 million.

But cybercriminals are not the only concern for state and local infrastructure. Local government officials should also be aware of the effects of various policy changes. For example, the repeal of net neutrality has created new challenges. During the recent California wildfires, Verizon throttled the network bandwidth of the fire department, even though the department asked for an exemption. It created a communication crisis for first responders during the emergency, leaving lives and property at risk. As a result, the fire department has filed a case against Verizon.

 

How to Protect Government Networks

For local governments, the solution to various infrastructure problems is preparation. Here are some steps to take:

Train Employees: Organizations think that cyber attacks are sophisticated. Yet, in many cases, hackers gain access to network infrastructure through social engineering. They use simple techniques like phishing emails and physical visits to local offices. Organizations should train their employees to recognize these scams to help prevent a large number of attacks.

Security and Recovery Plan: Sooner or later every organization will have to deal with a cyber attack. So state and municipal agencies should invest in high-quality solutions like firewalls and anti-malware. They should create backup and recovery plans to get systems up and running after an attack to minimize productivity loss. It’s also a good IT practice to run regular security drills to prepare for catastrophic situations.

Offsite Data Backups: Previously, only enterprise-level corporations with deep pockets could afford data centers for offsite backups, but cloud computing has made offsite data backups affordable for organizations of all sizes. Agencies should take advantage of this new resource. Many backup and recovery services utilize both local and remote storage to help minimize risk. In the age of ransomware, agencies skip backups at their own peril.

 

Taking Government Protection to the Next Level

As a state or municipal government official, you have a heavy burden on your shoulders. You are responsible for the future security of this country. Untangle has helped a lot of small and large organizations secure their infrastructure. Learn about how NG Firewall has helped Lancaster County Government and the City of Bridgeton secure their infrastructures. For a live demo of Untangle, contact us today.

References:
Link 1, Link 2, Link 3, Link 4, Link 5, Link 6, Link 7, Link 8, Link 9, Link 10