For local governments, fending off cyberattacks has become even more challenging in recent months due to attacks like the SolarWinds breach and Microsoft Exchange (email) exploit, as well as the current pandemic environment and resulting increases in cloud adoption and remote work.
These recent events, coupled with the rise in ransomware, IoT devices, and user credential harvesting, are raising the security bar for what counties need to implement and what they should be doing with end-users as it pertains to cybersecurity.
The National Association of Counties, through the NACo Telecommunications and Technology Policy Steering Committee, established the following priorities:
- Funding assistance in any form deemed necessary to provide for the information technology resources required to adequately provide security at all levels;
- Funding assistance for basic security awareness training of employees and advanced security training for information technology professionals within local government including assistance in the completion of advance certification and degree programs;
- Cooperative efforts in information sharing among all federal, state, and local governments in addition to private sector organizations regarding breaches, potential threats, threat levels, and any techniques that would assist in the prevention or mitigation of cyber-related threats;
- Collaborative efforts in the form of committees or task forces that are inclusive of local government membership with federal agencies such as the Department of Homeland Security and subprograms such as NCC, US-CERT, and ICS-CERT;
- Creation of programs and initiatives that designate local government Cybersecurity liaisons and/or representatives that serve in conjunction with federal agencies such as the Department of Homeland Security.