by Kelsey Brewer, policy manager, Association of California Cities-Orange County
Integration of technology into local government functions has increased at an exponential rate over the past 10 years. As cities continue to integrate smart technology into the day-to-day functions of local government, the need for strong safeguards against attacks are critical to maintaining system integrity.
Much of the conversation around cybersecurity for local governments focuses on avoiding attacks in the first place. Recommendations such as those discussed in the December 2017 issue of LGR: Local Government Review (powered by TownCloud) often include conducting threat assessments, investing in continuous monitoring systems, and training employees to avoid social engineering tactics often used by hackers to manipulate their way into sensitive systems. These are, of course, all valuable investments and steps to take when considering how to protect sensitive information from cyber-attack.
But what happens when, despite all the best planning and precautions, a cyber-attack is successful?
Almost every city in the United States has a Community Emergency Response Team. These programs help educate volunteers in disaster response skills such as fire safety, search and rescue, and basic first aid and were created to respond to physical and natural disasters in which, despite the best preparation, an emergency situation requires a quick and efficient response. As cyber-attacks become more sophisticated, the likelihood of experiencing an emergency-level attack increases. Just as cities should invest in emergency responses to physical disasters, so should they invest in emergency responses to the digital world.
The concept of Computer Emergency Response Teams for local governments is presented by Microsoft in its Developing a City Strategy for Cybersecurity: A Seven-Step Guide for Local Governments whitepaper. These teams are comprised of experts from the private, government, and academic worlds and are meant to help coordinate the public response in case of a cyber incident. Computer ERTs take investments that cities have made on the front-end of cybersecurity (threat assessments, continuous monitoring, etc.) and use the information gathered from them to help the public and private sector respond in case of an emergency.
Threat assessments conducted by cities will show where there are vulnerabilities within systems, what information attackers are most likely to go after, and what should constitute as a high-level priority and low-level priority in case of an attack.
Computer ERTs then take this information to help assess credible threats and, in the case of an attack, take the lead on directing the cities’ response. In California, the city of Los Angeles has embodied the idea of a Computer ERT in their Cyber Intrusion Command Center. Members meet on a regular basis to discuss common threats and possible methods of defusing them. But even smaller entities can employ the same method. Orange County, California's OC Intelligence Assessment Center has a dedicated team whose role is to not only assess cyber threats but to serve as the lead in post-incident mitigation, coordinating the necessary responses from both the public and the private sector.
As cyber-attacks become more common, the general public’s expectation that their government is ready to react will only increase. In the past, claiming inexperience and unfamiliarity may have been a sufficient explanation for a lackluster emergency response to a cyber-attack. But as cities and their residents continue to integrate more and more technology into everyday functions, the need to plan for the inevitable becomes imperative. Anything short of enthusiastic preparedness becomes negligence of the digital disasters lurking underneath our keyboards.
3 Tips for Forming a Computer Emergency Response Team
1. Be Thoughtful about the Membership of Your Computer ERT
There are a couple things to consider when putting together the membership of your Computer ERT. The first is to ensure that all critical services that your city offers or contracts are represented on your team. Having representation from these groups will ensure a more robust dialogue when discussing how to protect these services from attack and how to bring them back online quickly should they be compromised. Cities should also consider geographical issues when developing a Computer ERT. Are there critical resources that you share with another city through a joint powers authority? Is the electrical grid control center that your city is dependent on located in another jurisdiction? If so, these outside entities should always be a part of your Computer ERT membership.
2. Create External Incident Classifications
Have your Computer ERT create incident classifications to ensure a quick and appropriate flow of resources. These classifications will determine when it is appropriate to notify the city of an incident or when it is important for the city to provide resources to external entities as part of the general response to an attack. While some Computer ERTs may focus on when an attack compromises functions or assets controlled by a local government, it is possible that an attack could target non-government-controlled resources that will impact a municipalities’ ability to function. Some cities, for example, do not operate their own water district, but a threat to the local water transportation networks would certainly impact the ability of a city to operate. Classifying such an attack as “response-worthy” for a Computer ERT will help streamline resources if necessary.
3. Run Test Drills
Just like disaster preparedness, running test drills of response systems is critical to evaluating the effectiveness of current cyber-attack responses. Test drills should occur on a periodic basis and should evaluate the Computer ERT's response and ability to quickly coordinate internally and externally quickly and effectively.
Kelsey Brewer is policy manager, Association of California Cities-Orange County, an organization dedicated to representing the interests of Orange County’s 34 cities through education that empowers, policy that is collaborative, and advocacy that is service oriented.
To learn more about cybersecurity issues and practices of local governments, download LGR: Local Government Review, powered by TownCloud. This special section of Public Management (PM) magazine is offered to ICMA members as a member benefit.