Cybersecurity and Infrastructure Security Agency offers services to cities, towns

The U.S. Cybersecurity and Infrastructure Security Agency offers a range of free services to help cities and towns protect against cyberthreats, the agency’s interim director for Massachusetts, Richard Berthao, told the Massachusetts Mayors’ Association during the group’s monthly meeting on Feb. 16.

Berthao said financially motivated actors remain the biggest threat to local governments.

Speaking at the U.S. Conference of Mayors meeting in January, CISA Director Jen Easterly warned, “Cybercriminals are relentless. They’re increasingly sophisticated. … [They’re] looking for the most vulnerable points. Software that hasn’t been updated. Someone who isn’t using multi-factor authentication. It’s the lack of really effective cyber hygiene that causes these.”

Berthao acknowledged that the problem can seem overwhelming, but said it’s important to take whatever steps are possible and to keep making progress.

“The problem is here to stay … just as crime is,” he said. “We need local leadership involved in this process.”

Berthao said the CISA offers four key resources to municipalities:

• StopRansomware.gov, a website created last year to provide alerts and guidance about extortion malware

• A range of free risk-assessment and vulnerability-scanning services (such as a cyber resilience review, a cyber infrastructure survey, onsite cybersecurity evaluation tool assessment, and phishing campaign assessment)

• Cybersecurity advisers

• Resources being made available through a $1 billion grant program created in last November’s Bipartisan Infrastructure Law

He said cisa.gov provides a one-stop shop for cyber resources, including all CISA-issued Activity Alerts, a cyber incident reporting portal, and a CISA free service and resource guide for assessment and vulnerability scanning. Local leaders may visit www.cisa.gov/uscert/ncas to subscribe to any of the National Cyber Awareness system products or feeds.

Berthao cited three key takeaway points:

• Ransomware, information stealers, and banking trojans are still the most likely threat to organizations, typically originating as “phishing” activity. Cyber awareness training is where this defense starts.

• Local leaders should continue to focus their efforts around building a “cyber hygiene” organizational culture first, then build detection and response capacity to identify and contain known malicious activity quickly.

• Public and private partnerships can make a big difference.

“We have come a long way when it comes to threat information sharing across the cybersecurity community,” he said, “and it is absolutely making a difference in our ability to respond and deter the threat actor. CISA values this partnership and is counting on this community approach to better protect and safeguard the homeland.”

“We are all in this together,” Easterly told the mayors conference in January. “So reach out to us if you have anything like this happen. … We are here to render assistance, and to help you get back up and running. We can help … advise on what you need to do to rebuild your data and your systems.”