1. Every level of government, spanning from small localities to large federal agencies, must develop stronger partnerships and quicker coordination to address the increasing number of cyberthreats imposed by organized crime, unfriendly nation-state agents, and insider threats (Lohrmann, 2014). Lohrmann (2014) notes that cyber attack methods have metastasized within cyberspace’s short history and as a result, both sensitive information and critical infrastructure assets are affected (para. 4). In order to help combat the cyber threats state and local governments face, it is recommended that they turn to the Multi-State Information Sharing & Analysis Center, headquartered in both VA and NY (“Center for Internet Security”, 2016). The Center for Internet Security (CIS) (2016) identifies the MS-ISAC mission as fostering collaboration between its members, private industry and the Department of Homeland Security to bolster the cybersecurity posture of various levels of government (“Mission & Objectives”, para. 1).
The way MS-ISAC enables state and local governments to reduce risks of data breaches is through 10 core services including a) Managed Security Services; b) Netflow Monitoring and Analysis; c) Incident Response; d) Advisory Services; e) Threat Notification; f) Vulnerability Assessment; g) Information Sharing; h) Education and Awareness; i) DHS Initiatives Coordination; and j) Consulting Services (“Center for Internet Security”, 2016). Additionally, CIS MS-ISAC (2016) identifies five critical controls that help reduce risk associated with cyber threats: 1) Ensure only authorized hardware devices have access to an accredited network; 2) Ensure only authorized software is installed on the network via a whitelist; 3) Standardize hardware and software configuration across all platforms (i.e. mobile devices, servers, PCs); 4) Conduct vulnerability scans and remediate findings on an ongoing basis; and 5) Limit the deployment and utilization of administrative accounts, and focus auditing on these accounts (Top 5 CIS Controls).
Complementing the services provided by MS-ISAC, state and city governments can also partner with local private businesses that have expansive enterprises which process, store or transmit personally identifiable information (PII) and protected health information (PHI). Partnering with the private sector allows city governments to incorporate best business practices that have been tested and proven by Fortune 500 companies who rely on effective solutions. Finally, a blog by TaaSera (2016) mentions there is another group, called the “Security Innovation Network (SINET)”, that can help strengthen public-private partnerships (para. 6). SINET was founded by a former Secret Service agent and its mission is to establish relationships between business and government cybersecurity leaders to identify solutions to protect U.S. assets (TaaSera, 2016, para. 6).
Center for Internet Security. (2016). Msisac.cisecurity.org. Retrieved 26 September 2016, from https://msisac.cisecurity.org/.
Center for Internet Security. (2016). Msisac.cisecurity.org. Retrieved 26 September 2016, from https://msisac.cisecurity.org/about/services/.
Center for Internet Security. (2016). Cisecurity.org. Retrieved 26 September 2016, from https://www.cisecurity.org/critical-controls.cfm.
Government Needs the Private Sector to Improve Cybersecurity | TaaSera Preemptive Breach Detection. (2016). Taasera.com. Retrieved 26 September 2016, from https://www.taasera.com/blog/government-needs-private-sector-improve-cybersecurity.
Lohrmann, D. (2014). MS-ISAC: Cybersecurity Collaboration is Needed Now More than Ever. Govtech.com. Retrieved 26 September 2016, from http://www.govtech.com/blogs/lohrmann-on-cybersecurity/The-MSISAC-Story-More-Than-a-Decade-of-Growing-Membership-and-Influence.html.
2. Multi-State Information Sharing and Analysis Center, also referred to as MS-ISAC, is the central point for cyber threat analysis, prevention, protection, response and recovery for all levels of government, including state, local, tribal, and territorial (CISecurity, 2016). It covers cybersecurity operations 24 hours a day, seven days a week, with real-time monitoring of cyber threat early warnings, mitigation, and responses (CISecurity, 2016). They share information between private sectors and the Department of Homeland Security, creating a more secure state of cybersecurity.
Membership to MS-ISAC is open to anyone, for a fee, and depending on the membership level there are many different securities which can help any organization, including but not limited to: cybersecurity training and awareness classes, 24 hour network monitoring, technical assistance, and more (CISecurity, 2016).
Will working with MS-ISAC reduce the risks of data breaches in my organization? Why or why not?
When it comes to security risks to sensitive data any and all help with security is needed. With MS-ISAC offering real-time monitoring of all networks within an organization it is a great opportunity to add much needed security to essential networks. If an organization attempts to secure infrastructure, to include sensitive information alone, with no outside help or resources, it will fail and there will be breaches. Gaining outside help from the ISAC is a great resource; “It’s a matter of cyber life and death. You can’t do this alone.” (Lohrmann, 2014).
Who else could each city partner with to reduce the risks and impacts of data breaches?
There are many things an organization can do to help prevent data breaches, and the most efficient is information sharing. This can be done through joining MS-ISAC or other similar groups. There are several companies who offer similar services to ISAC, some of these include: id Experts, Lifelock Business, VeraCode, and more. Alternatively, if outside resources are not wanted, due to price or any other reason, it is extremely important to hire a cybersecurity professional, or team, who is well trained and able to secure sensitive data on the network.
CISecurity (2016), MS-ISAC: Multi-State Information Sharing & Analysis Center, Center for Internet Security, Retrieved from https://msisac.cisecurity.org/
Lohrmann, D. (September 21, 2014), MS-ISAC: Cybersecurity Collaboration is Needed Now More than Ever, Government Technology, Retrieved from http://www.govtech.com/blogs/lohrmann-on-cybersecurity/The-MSISAC-Story-More-Than-a-Decade-of-Growing-Membership-and-Influence.html