On November 17th, 2023, the Cybersecurity and Infrastructure Security Agency (CISA), “America’s Cyber Defense Agency,” announced plans to expand their cybersecurity services to local governments.
The program is “designed to deliver cutting-edge cybersecurity shared services on a voluntary basis to critical infrastructure entities that are most in need of support,” according to their PRESS RELEASE.
Local Government in Focus
The expansion aims to provide tailored cybersecurity services to state, local, tribal, and territorial (SLTT) governments, election infrastructure, and national critical functions.
For SLTT’s, this is potentially great news. SLTT’s often have limited resources for cybersecurity. Limited budgets mean limited software and staffing for cybersecurity. This makes it challenging, if not impossible, to implement real cybersecurity solutions.
Since many SLTT governments are still using old computer systems, they can have weaknesses that hackers can exploit. It can be hard to upgrade or replace these systems. Upgrades can cost a lot of money and take a long time.
Crucially, SLTT’s handle a ton of important information about us, like our personal information and financial records. So, it’s important to make sure that this information is stored and transmitted securely to protect our privacy.
For these reasons, SLTT governments are key targets for cyberattacks like ransomware and phishing.
Many “Security” Services Lacking
Some SLTT governments do employ third-party companies to help with their computer systems. But if those companies don’t have good security practices, or if the SLTT governments do not effectively manage and monitor vendor access or data exchange, it can create more cybersecurity risks.
Security Training is Key
Lastly, it’s important for everyone in the government to be aware of cybersecurity and have the right training. SLTT government employees and officials may not always have adequate awareness or training in cybersecurity best practices. This can leave them susceptible to social engineering attacks or unintentional security breaches.
To help with all these challenges, this program will provide CISA valuable data regarding current cybersecurity practices in local governments and trending incidents across the country. The pilot program is introducing “a cost-effective way to gain greater insight into our evolving threat environment, establish a common baseline of cyber protection, and, most importantly, reduce the frequency and impact of damaging cyber events,” according to the release. This should provide a goldmine of data in terms of threat assessment and identifying areas of greatest need.
The pilot program will start with 100 new entities. It will look for improvements to make, identify gaps in knowledge or resources, and test the scalability of the program.
So, in summary, CISA aims to make sure more sectors of our critical infrastructure are protected from cyber threats. They will research areas of need, and make sure that everyone is aware and prepared to handle these threats.
Remember, cybersecurity is really important to keep our information safe and protect our critical systems. Stay safe online, make sure to use strong passwords and be careful with what you share!
Of course, if you’re looking for a qualified Cybersecurity provider to help you secure your company’s systems, please don’t hesitate to give Acuity a call.
