Legislation is currently being considered in Washington DC that would require local governments to appoint a cyber security leader for each state. The aim is to improve coordination and intelligence sharing between state and federal governments, both to support preventative measures and to speed up incident response times in the event of a cyber attack.
The importance of coordination is all too apparent for two principal reasons. First, the networks that need defending get ever more complex. The picture is complicated enough looking only at federal, state and local governmental bodies. This complexity grows as we look across critical national infrastructure (CNI) and wider industry, and grows exponentially when we consider the ecosystem of vendors and suppliers with systems that are interconnected and data that is shared. Threat actors are continually looking across this attack surface for routes into prized high-value targets.
Second, faster response times are a necessity to keep pace with the speed of the adversary. Cyber attacks against local governments seem to be on the rise. In December alone, for example, four US cities were hit with ransomware, including two cities in Florida and one each in Louisiana and California. When you consider that the malware will have been present on the network for enough time for the adversary to exfiltrate and encrypt data, the importance of identifying suspicious behavior as early as possible is clear.
Our own analysis shows that malware Newly Observed Domains (NODs) are most active within the first two days, and that phishing domains also rapidly generate a high volume of queries.
Acting fast is therefore crucial and, if the proposed new cyber security coordinators can help to enable this, the benefits to states and to wider national security will be significant.
The USA is far from being alone; governments around the world are grappling with the challenge of improving coordination of national cyber security in what can often appear to be a “patchwork” of organizations, missions and frameworks. There may be lessons from across jurisdictions that can help face these shared challenges, and so governments globally will be watching on with interest as CISA continue their important mission.
One element of this challenge is how to achieve what, on the surface, can look like contradictory aims. CISA, responsible for cyber security across the whole of the United States, needs to find a way to maintain flows of information and understand decision making across the country while, at the same time, getting widely dispersed stakeholders – individual citizens, businesses, charities, etc. – to step up and take on the responsibility of addressing risks within their decision-making ambit.
It is a challenge that is very close to our hearts at Nominet. The Protective DNS (PDNS) service that we run on behalf of the NCSC is, on the one hand, a way for central government to take risk out of the system by protecting public sector networks across the entire United Kingdom. At the same time, PDNS is also a tool to inform and empower departments up and down the country with data that can enable them to see potential threats on their networks and address them.
NCSC’s review of Active Cyber Defence (ACD) highlights some great case studies that exemplify these challenges and show the breadth of protection that the ACD is providing two years in. It will be interesting to see this evolve in the next year as both flows of information and access to innovation continue to turn dispersed stakeholders into a united force against cyber attacks.
Simon Staffell is Director of Government and Defence at Nominet. He previously worked as a UK diplomat, including a posting to the USA as Counsellor for Security, Science and Technology.