Updates from the Resource Center for State Cybersecurity team, February 28, 2022
Resource Center Announcements
Overview of State Cybersecurity Workforce Development Initiatives
The NGA Center for Best Practices recently conducted a 50-state scan of cybersecurity workforce development efforts. The resulting research document captures state programs, offices, initiatives, partnerships, and public higher education institutions that are building the cybersecurity sector. This research is intended to help Governors’ advisers identify pertinent approaches and coordinate with appropriate partners in their states.
NGA Publication on Addressing Foreign Threats in U.S. Critical Energy Infrastructure
In January, the NGA Center published a new report, States’ Role In Addressing Foreign Threats In U.S. Critical Energy Infrastructure Sectors, examining the vulnerabilities of critical energy infrastructure to foreign threats and identifying actions Governors can take to address those vulnerabilities.
Cybersecurity Resources
DHS CISA Cyber Incident Resource Guide for Governors
DHS has released a new Cyber Incident Resource Guide for Governors developed by CISA to aid cybersecurity incident response planning and cybersecurity resilience. This guide will assist states when requesting federal support and provides a framework for state coordination to mitigate risks posed by cybersecurity incidents.
CISA “Shields-Up!” Message
Due to current geopolitical tensions, CISA issued a “Shields-Up!” message and launched the https://www.cisa.gov/shields-up website for information on threats, mitigations, and response information. Cybersecurity coordinators are strongly encouraged to review the information on the Shields-Up website and the recent Joint Cybersecurity Advisories published on this topic.
CISA, FBI, and NSA Release Cybersecurity Advisory on Russian Cyber Threats to U.S. Critical Infrastructure
CISA, FBI, and NSA have released a joint advisory entitled Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure. This advisory is part of ongoing efforts to reduce the risk of cyber threats and attacks. The advisory outlines Russian state-sponsored cyber operations, commonly observed tactics, techniques, and procedures (TTPs), detection actions, incident response guidance, and mitigations.
Resources:
- CISA Insights
- Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure
Center for Digital Government Virtual Conference: “Beyond the Beltway – Tech Trends in the States and Localities” (March 3-4, 2022)
Among other topics, this conference will feature a discussion focusing on cybersecurity, modernization, and constituent experiences. Click here for details and registration information.
2021 Trends Show Increased Global Threat of Ransomware
CISA, FBI, NSA, the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC-UK) have released a joint Cybersecurity Advisory (CSA). The advisory highlights increased global ransomware incidents in 2021. The advisory summarizes observed behaviors and offers recommendations to reduce ransomware vulnerabilities.
DHS Launches First-Ever Cyber Safety Review Board
DHS announced its establishment of a Cyber Safety Review Board (CSRB). The CSRB will convene government and industry leaders seeking to strengthen the nation’s cybersecurity. Their role will be to review and assess significant cybersecurity events so that government, industry, and security personnel can better protect our nation’s networks and infrastructure. To learn more about the CSRB, visit CISA.gov.
Cybersecurity News
Private Contractor to Drop Facial Recognition Requirement for all State and Federal Agencies After Backlash over IRS Plan
The private contractor ID.me will drop a facial identity recognition requirement included in software used by 30 states and 10 federal agencies after an Internal Revenue Service announcement that it has abandoned plans to require users accessing their tax records to provide one or more images of themselves. There is currently no federal law regulating facial recognition technology, but in the wake of this development legislators are calling for limitations on its use by federal agencies. Read more here.
NSF Awards $29M in Scholarships to Boost Govts’ Cyber Workforces
The National Science Foundation (NSF) recently announced more than $29 million scholarship grants for eight universities over a five-year period. The scholarships will cover full tuition and stipends for students who agree to work in cybersecurity post-graduation for state, local, federal, or tribal governments. Read more here.
Senators Rosen and Blackburn Reintroduce Cyber Workforce Bill
Earlier this month, Senators Jacky Rosen (D-Nev.) and Marsha Blackburn (R-Tenn.) introduced the Cyber Ready Workforce Act. The bill would allow the Department of Labor to support cybersecurity apprenticeship programs and career counseling, among other things. Read more here.
Hackers Prey on Public Schools, Adding Stress Amid Pandemic
Since virtual learning has proliferated during the pandemic, schools have become more dependent on technology and more vulnerable to cyberattacks. The K-12 Cybersecurity Act passed last October aims to aid schools in building cybersecurity programs by 2027. Read more here.
New Mexico Lawmakers Propose $45M School Cybersecurity Fund
On February 7, New Mexico’s House Education Committee advanced a bill to allocate $45 million to hire cybersecurity professionals and support a grant for school districts to bolster their cyber defenses. This comes in response to cyberattacks on the state’s school systems. Read more here.
Washington State Agency Discloses Data Breach Impacting Thousands of Licensed Professionals
In late January, Washington’s Department of Licensing (DOL) suffered a security breach resulting in the exposure of personal data on hundreds of thousands of licensed professionals. DOL notified the licensed professionals of the data accessed in the breach, but it is feared the data will be used to commit tax fraud this filing season. Read more here.
NGA Government Relations Update
CISA Director Offers Governors Advice on Talking About Cyber
Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly spoke alongside several Governors at the 2022 NGA Winter Meeting. During this discussion, Director Easterly discussed the development of new grants under the recently passed Infrastructure Investment and Jobs Act. The Director also emphasized the need for states to implement multifactor authentication and ensure government agencies are prioritizing resiliency and cyber hygiene. Read more here.