Threat information sharing and endpoint protection will help prevent cyberattacks on critical infrastructure, state CISOs say.
The conflict in Ukraine has put chief information security officers (CISOs) on high alert for attacks on critical infrastructure.
Though foreign actors have historically targeted federal agencies, threat activity that could disrupt crucial systems has increased across the board, Virginia CISO Michael Watson said during an April 20 ATARC webinar: Combating Cyber Attacks Within State and Local Governments.
Because cyberattacks on critical infrastructure can directly affect citizens, state cybersecurity officials like Watson are partnering with the private sector to share information and better understand impacts.
Foreign actors trying to hack into electric grids has accelerated Virginia’s efforts to “make sure that we’re walking that very unclear line about how do we prepare our our private sector folks as well as how do we – states and locals and other government entities – make sure that we’re ready to go in the case something does happen,” Watson said.
Ransomware has continued to be a pervasive threat as well, said Jim Richberg, Fortinet public sector field CISO and vice president of information security, especially as the rise of ransomware-as-a-service has given hacking groups a steady revenue stream.
“These groups are cohesive,” Richberg said. “They can spend more time on research. They're faster to weaponize exploits. They're so specialized they have help desks for their affiliates and for their customers.”
North Dakota CISO Michael Gregg also discussed the importance of intelligence sharing, noting that his department holds monthly calls with cities, counties, school districts and political subdivisions where they share any threat activity they have seen. Gregg also pointed to efforts by the state’s Joint Security Operations Center. In partnership with five other states, the JSOC shares threat information that it tags with the framework used by Verizon’s annual Data Breach Investigation Report format so the data is easily consumable by partners.
Given the changing dynamics of ongoing cyber conflicts, panelists stressed the importance of anticipating threats rather than controlling damage after the fact. With about 250,000 endpoints in North Dakota’s environment, Gregg said endpoint protection was one of his chief priorities when he assumed office.
“One of the things that I pushed very hard for over the last two years is really getting coverage for all our basic security tools out to those endpoints,” he said. “That complete coverage and the ability to see what's there is key to help you move from a more responsive mode to a prevent and detect model.”