The director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), Jen Easterly, recently spoke at the U.S. Conference of Mayors meeting in Washington, D.C., to address growing concerns over cybersecurity issues for local governments.
She discussed how ransomware and other cyber threats have permeated every sector and that they are something we will have to learn to deal with for a long time, but she wants discussions around cyber hygiene and risk mitigation to become just as common.
Easterly encouraged those in attendance to look at what they can do to prevent significant cyber issues, as she cited the Colonial Pipeline and JBS incidents from last year:
"We saw ransomware attacks on businesses large and small, on cities, on schools. It's really been a scourge.
Cyberthreats, ransomware, have become a kitchen-table issue for all of us. People don't necessarily like to think about it, because nobody wants to get attacked. My hope with all of you is to make cybersecurity a kitchen-table issue."
Easterly asked the mayors in attendance to confer with their CIOs and CISOs to make sure they have proper security protocols in place to reduce the risks of an attack.
She also noted the importance of migrating city systems to the cloud:
"We are in a space where we must modernize our technology. We can't win with legacy systems and legacy technology and just hoping having all our data on-prem is going to save us. To be honest, this is not easy. You need resources to make changes. But that is where you will be safe and secure for your city," Easterly said.
Key resources for cybersecurity
While Easterly discussed the need to improve cyber hygiene across the board—with simple things like updating software and using multi-factor authentication (MFA)—she also talked about important resources CISA offers that mayors and their CISOs can use.
One of those is StopRansomware.gov, a website that provides information on ransomware, steps to take after you've been hit with a cyberattack, a catalog of known exploited vulnerabilities, and lots of resources that can help improve cybersecurity.
Another resource is the suite of risk-assessment and vulnerability-scanning services, which CISA offers for free.
She also cited two newer resources: a list of cybersecurity advisors hired for all 50 states, and the $1 billion grant program created through last year's infrastructure spending plan, $200 million of which is scheduled to be distributed this year.
[RESOURCE: Hear the CISA Cybersecurity Advisor for the State of Connecticut speak at SecureWorld Boston, March 9-10, 2022]
Easterly is working with the Federal Emergency Management Agency (FEMA), the Department of Homeland Security's (DHS) unit responsible for distributing the funds. She is hoping to get the money out within "the next few months."
CISA will set goals, requirements, and funding priorities for the program, and will be approving state applications for funding, according to the DHS.
Original story from StateScoop.
