Everything You Wanted to Know About Cyber Attacks on Municipal Government

What is a Cyber Attack

A Cyber Attack is initiated by a person or a group of people against a website, computer system, or individual computer that compromises the confidentiality, integrity, or availability of the system or information stored on it. – BitSentinal

A Cyber Attack is deliberate exploitation of computer systems, technology-dependent enterprises, and networks.

Cyber Attacks use malicious code to alter computer code, logic or data, resulting in disruptive consequences that can compromise data and lead to cybercrimes, such as information and identity theft. – Techopedia

Where Does a Cyber Attack Come From?

  • Cyberspace and its underlying infrastructure are vulnerable to a wide range of risks stemming from both physical and virtual threats and hazards.
  • Sophisticated cyber actors and nation-states exploit vulnerabilities to steal information and money and are developing capabilities to disrupt, destroy, or threaten the delivery of essential services.
  – US Department of Homeland Security

Why Would a Municipal Government Be A Target?

  • It is at the state and local levels of government that the preponderance of programs and services are administered, requiring the storage of extensive amounts of personal information.
  • The use of web technologies to facilitate government services continues to rise.
  • The result is increased opportunity for the criminal and vulnerability for the local government.

How Do You Know That You Have Been Infiltrated?

  • It’s not always immediately obvious that your systems have been breached, but detection and response are critical. Immediate detection reduces the average cost of recovery dramatically.
  • When dealing with a Distributed Denial of Service (DDoS) attack it can be challenging to even determine if your website is down due to legitimate traffic or an attack. The key to telling the difference lies in the length of time the service is down – if slow or denied service continues for days, it is time to start to look into what’s going on.
     (DDoS is a type of DoS attack where multiple compromised systems, which are often infected with a Trojan, are used to target a single system causing a Denial of Service (DoS) attack. – Webopedia)
  • If you detect an abnormality in content or operation, infiltration by Internet, malware, or hacking may be the cause.

Cyber Attack Prevention

  • Develop an Information Security Management Plan (ISMP) and test various scenarios so you are ready when an attack happens.
  • Invest in technology that allows you to know and monitor your network’s normal behavior.
  • Make sure you maintain sufficient server capacity for best performance under high load.
  • Know how to use your defensive strategy. Practice defensive actions to commit them to memory.
  • If necessary, outsource to a managed Domain Name System (DNS) provider who can redirect site visitors to hosts with advanced features. DNS translates Internet domain and host names to IP addresses and vice versa.
  • Preparation is the key. Determine the financial impact and reputation damage of an attack to evaluate the size of the investment in prevention. The cost of an attack is usually far greater than the preventative investment.

In Case It Happens – Recovery Methods

  • An incident response plan, prepared prior to an attack, is an outlined course of action to establish a framework for the internal and external actions to be taken during and after a digital security breach.
  • One individual should be designated to lead the crisis response, overseeing a “response team” comprised of both internal and external personnel.
  • Response steps include:
    • IDENTIFY the problem.
    • CONTAIN the attack.
    • INVESTIGATE the crime and submit evidence to law-enforcement and investigators.
    • FOLLOW-UP the incident, notifying employees, residents and other government entities.
    • REMEDIATE the attack by changing company practices to prevent another breach.

Rules for Cyber Awareness

  • In order to provide essential public services, all levels of government must ensure their cyber infrastructure is safe, secure, and resilient.
  • Join fellow government users in United States Computer Emergency Readiness Team (US-CERT) collaboration groups and programs to facilitate information and resource sharing on cybersecurity issues.
  • Visit the Multi-State Information Sharing and Analysis Center (MS-ISAC) for cyber threat prevention, protection, response, and recovery for the nation’s state, local, territorial and tribal (SLTT) governments.
  • The New Jersey Cybersecurity & Communications Integration Cell (NJCCIC) at www.cyber.nj.gov is the State’s one-stop shop for cybersecurity information sharing, threat analysis, and incident reporting.
  • Share information and best practices through the National Institute of Standards and Technology (www.NIST.gov) Federal Agency Security Practices (FASP).
  – US Department of Homeland Security