By Todd Duncan, Law Enforcement and Safety Specialist

On January 31, 2024, FBI Director Christopher Wray issued a warning regarding the growing threat of cyberattacks stating that foreign hackers aim to “wreak havoc” on U.S. critical infrastructure. Considering this and other similar warnings issued by the FBI in the last few months, this month’s Safety Short will focus on the importance of effective cybersecurity policies and practices within county government.

Government IT infrastructure faces a myriad of cyber threats, ranging from sophisticated state-sponsored attacks to opportunistic cybercriminal activity. These threats pose significant risks to national security, public safety, and the integrity of government operations. To mitigate these risks, robust cybersecurity measures and strategies are essential.

Threat Landscape:

  • State-Sponsored Attacks: Nation-states engage in cyber espionage, sabotage, and warfare to steal sensitive information, disrupt critical services, or undermine government operations.
  • Cyber Espionage: Adversaries target government networks to steal classified information, intellectual property, and sensitive data for political, economic, or military gain.
  • Ransomware: County agencies are prime targets for ransomware attacks, where malicious actors encrypt critical data and demand ransom payments, causing operational disruptions and financial losses.
  • Insider Threats: Malicious insiders or unwitting employees may compromise county government systems through negligence, malicious intent, or social engineering tactics.
  • Supply Chain Vulnerabilities: Dependencies on third-party vendors and contractors introduce vulnerabilities, allowing attackers to exploit weaknesses in the supply chain to infiltrate government networks.

Recommendations for Protection:

  • Implement Robust Cyber Hygiene: Implement a countywide cybersecurity policy, enforce strong password policies, regularly update software and systems, and conduct security awareness training to mitigate common attack methods like phishing and social engineering.
  • Deploy Multi-Layered Defense: Employ a combination of firewalls, intrusion detection systems, endpoint protection, and encryption to safeguard county networks from unauthorized access and malware.
  • Adopt Zero Trust Architecture: Restrict access to sensitive data and critical systems based on user identity, device posture, and contextual factors, reducing the risk of lateral movement by attackers.
  • Enhance Incident Response Capabilities: Develop and regularly test incident response plans to detect, contain, and mitigate cyber incidents promptly, minimizing the impact on government operations and restoring services effectively.
  • Strengthen Collaboration and Information Sharing: Foster partnerships between county government, law enforcement, intelligence communities such as the Nebraska Information and Analysis Center (NIAC), and private sector organizations to share threat intelligence, best practices, and resources for collective defense against cyber threats.
  • Regulate and Monitor Third-Party Relationships: Implement stringent security requirements for vendors and contractors, conduct regular assessments of third-party security posture, and monitor supply chain activities to detect and mitigate potential risks.

In conclusion, safeguarding county IT infrastructure against cyber-attacks requires a comprehensive and proactive approach, combining sound cybersecurity measures, effective risk management strategies, and close collaboration among stakeholders. By prioritizing cybersecurity, county agencies can better protect critical assets, reduce risk, and preserve public trust in an increasingly digital and interconnected world.

Additional Resources: