Free cybersecurity tools for state and local governments

Cybersecurity tools are freely available to many local governments — they just need to know to ask for them, a panel of experts said during a webinar hosted by the National Association of Counties.

“One of the challenges I’ve had over the past few years is knowing what resources we should be taking advantage of and being able to tell the difference between an organization providing one resource and another,” said Rita Reynolds. , CIO of NACO, at the January 26 event. titled “Advanced security resources available to local government through the Center for Internet Security”.

A tool freely available to all state, local, tribal, and territorial governments that are members of the Center for Internet Security’s (CIS) Multi-State Information Sharing and Analysis Center (MS-ISAC) and the Center for Information Sharing and Analysis The Election Infrastructure Information Analysis (EI-ISAC) is a Malicious Domain Blocking and Reporting (MDBR) service. CIS strives to provide this through a partnership with the Federal Agency for Cybersecurity and Infrastructure Security and Akamai.

MDBR acts as an agency’s Domain Name Service (DNS) and prevents endpoints and systems from connecting to malicious domains.

“It prevents malicious traffic by blocking it and not allowing it to resolve,” said Eugene Kipniss, director of partnerships and stakeholder maturity at MS-ISAC. “Every search attempted from your organization by anyone using your DNS centrally will be checked against a list of known bad domains. He’s going to be checked for suspicion levels.

More than 4,000 state and local MS-ISAC members are enrolled in the MDBR program, and it has blocked 3 billion DNS queries out of 592 billion total queries since 2020, or 0.5% of all traffic routed through it. said Kipniss.

While that sounds small, “consider the number of digital contact items you have in your organization, the number of people and end users, the number of programs that are going to tag and take advantage of DNS, whether for web browsing or for other applications and processes and needs,” he said. “If you think about the amount of mass, the sheer volume of interactions that our computer systems have with DNS, half a percent being bad, it’s scary. It’s that half a percent that can cause you to do overtime per week trying to solve a problem.”

Of the blocked requests, 65% were known malware domains, 22% were related to malicious command and control, and 5% were related to phishing.

To set it up, government agencies need to change their DNS to Akamai’s DNS server, which runs MDBR. It can be installed in less than 15 minutes, added Kathryn Boockvar, CIS vice president of election operations.

Another tool is endpoint detection and response (EDR), which is software that collects data from workstations and servers – endpoints – and transmits it to a server for analysis of suspicious threats. If it finds one, the affected machine is isolated until someone can investigate and fix the problem.

The federal government provided free EDR licenses for anything related to local election work. “Your entire election office — every computer you have — could get it for free,” Boockvar said, adding officials can use it beyond election-related apps for a $60 per point fee. final and per year.

For EDR, CIS partnered with CrowdStrike in November 2021 to provide fully managed CIS Endpoint Security Services (ESS). Suitable for state, local, territory and tribal entities, it includes more than 12,000 MS-ISAC members with more than 14 million total terminals.

ESS comprises five modules that use the CrowdStrike Falcon platform and run through CIS’ Security Operations Center (SOC). One is a next-generation antivirus module that can monitor for malicious threats using known signatures and behaviors that indicate a threat. It pairs with the second module to automatically quarantine a potentially problematic machine. Within 10 minutes of detection, SOC analysts can rule out false positives and alert the appropriate part of the relevant agency.

The third module allows agencies to instruct the SOC to run asset and application inventory and monitor user access to monitor malicious devices on the network. The SOC provides a report on which machines and applications are running, what versions they are using, and if anything looks suspicious.

The fourth module involves controlling USB devices so that agencies know every USB plugged into their network and allow them to set rules, for example, like blocking all but a certain type of USB from accessing their networks.

Finally, firewall management allows agencies to push rule updates to any device live, whether connected to the cloud or an on-premises location.

“The days when there was a firewall and a [anti-virus] are complete,” said Jamie Ward, Head of Cybersecurity Solutions at MS-ISAC and Mayor of Mayfield, NY. known as EDR, really shine.

Additionally, this spring, CIS will launch a peer-to-peer collaboration portal for MS-ISAC and EI-ISAC members that will enable mailing list and file-sharing capabilities to facilitate communication across jurisdictions. It is also preparing the “Essential Guide to Election Security” in hard and electronic format, with a plan for continuous updating of the digital version.

“It is one of the NACO’s cybersecurity priorities that all counties join both MS-ISAC and EI-ISAC,” so they can take advantage of these resources, Reynolds said. .

Stephanie Kanowitz is a freelance writer based in Northern Virginia.

Comments are closed.