Taking Risk Out of the System

How do you take the risk out of government networks while also empowering local decision-making and ensuring information flows between widely dispersed stakeholders?

That’s an issue faced by governments around the world and the U.S. is starting to take positive action to address this with its proposed Cybersecurity State Coordinator Act of 2020.

The legislation is currently being considered in Congress that would require local governments to appoint a cybersecurity leader for each state. The aim is to improve coordination and intelligence sharing between state and federal governments for both preventative measures and to speed up incident response times in the event of a cyberattack.

This a positive move from the U.S. government and the importance of coordination is all too apparent for two principal reasons. 

First, the networks that need defending get ever more complex. The picture is complicated enough looking only at federal, state and local governmental bodies. This complexity grows as we look across critical national infrastructure and wider industry, and grows exponentially when we consider the ecosystem of vendors and suppliers with systems that are interconnected and data that is shared. Threat actors are looking across this attack surface continually for routes into prized high-value targets.

Second, faster response times are a necessity to keep pace with the speed of the adversary. Cyberattacks against local governments seem to be on the rise. In December alone, for example, four U.S. cities were hit with ransomware, including two cities in Florida and one in both Louisiana and California. When you consider that the malware will have been present on the network for enough time for the adversary to exfiltrate and encrypt data, the importance of identifying suspicious behavior as early as possible is clear.

Our own analysis shows that malware newly observed domains are most active within the first two days and phishing domains also generate a high volume of queries rapidly.

Acting fast is therefore crucial and, if the proposed new cybersecurity coordinators can help to enable this, the benefits to states and to wider national security will be significant.

The U.S. is far from alone; governments around the world are grappling with the challenge of improving coordination of national cybersecurity in what can often appear to be a “patchwork” of organizations, missions and frameworks. There is a need to both find a way to maintain flows of information and understand decision-making across the country, while at the same time getting widely dispersed stakeholders—individual citizens, businesses, charities, etc.—to step up and take on the responsibility of addressing risks within their decision-making ambit. 

There may be lessons from across jurisdictions that can help face these shared challenges and so governments globally will be watching on with interest as Cybersecurity and Infrastructure Security Agency continue their important mission. The U.K.’s National Cyber Security Centre protects public sector networks across the entire country using a protective DNS service.

Collaboration is clearly critical, and with the Cybersecurity State Coordinator Act of 2020 currently being referred to the Committee of Homeland Security and Governmental Affairs, we’ll have to wait and see for the impact of this particular initiative.

Simon Staffell is director of Government and Defence at Nominet. He previously worked as a U.K. diplomat, including a posting to the U.S. as Counsellor for Security, Science and Technology.