How the Federal Government Can Improve Its Response to Ransomware Attacks
While the federal government is not the primary target of ransomware attacks, it plays a large role in helping those who have been attacked recover. It also provides advice on how enterprises can protect themselves against such attacks.
A new report from the Government Accountability Office (GAO) outlines three areas where the federal government could improve this assistance:
- Interagency coordination
- Awareness, outreach and communication
- Coordination with schools
The GAO reports that ransomware attacks are actually on the rise among organizations of all sizes. State, local, tribal and territorial government organizations (SLTTs), along with schools, are frequent targets.
The report comes roughly a year after the enactment of the Consolidated Appropriations Act, which includes requirements for additional federal coordination to address ransomware threats.
Why Interagency Coordination Is a Must in Ransomware Protection
The FBI, the Secret Service and CISA are the primary federal agencies that assist in protecting SLTTs from ransomware attacks through education, awareness, information sharing, analysis, cybersecurity assessment and incident response. That said, the GAO reported in September that coordination among the three agencies was informal and lacked official procedures.
The GAO recommends the agencies formalize procedures to make their ransomware assistance efforts more effective. More specifically, the GAO identified six key practices the agencies haven’t fully addressed or haven’t addressed at all:
- Defining outcomes and monitoring accountability
- Bridging organizational cultures
- Clarifying roles and responsibilities
- Including relevant participants
- Identifying and leveraging resources
- Developing and updating written guidance and agreements
The Power of Ransomware Awareness, Outreach and Communication
SLTTs reported to the GAO that they’re generally satisfied with ransomware assistance from the federal government. However, they also identified challenges, such as not being aware of available federal services and dealing with inconsistent communication when contacting the FBI for assistance. Tribal governments in particular said that CISA’s focus on outreach at the state level leaves tribal nations uninformed. The GAO recommends the three federal agencies work together to evaluate how to best address these concerns and facilitate collaboration.
How Agencies Can Coordinate With Schools to Prevent Attacks
In October, the GAO highlighted the impact ransomware attacks can have on K–12 schools. School officials indicated the loss of learning following an incident ranged from three days to three weeks, and incident recovery time ranged from two to nine months. The resulting downtime and devotion of resources to incident recovery can also have a major financial impact on schools.
There has been federal guidance in the past. The 2013 National Infrastructure Protection Plan called for the development of government councils to enable interagency and intergovernmental coordination to address a specific need for federal assistance, such as cybersecurity at K–12 schools. Yet, outside of offering resources, the GAO noted that the Department of Education and CISA have little to no interaction with K–12 schools regarding cybersecurity.
The Department of Education has not established the government coordinating council that the protection plan called for back in 2013. The GAO recommends that the Department of Education and CISA establish such a council to coordinate cybersecurity efforts between federal agencies and the K–12 community and facilitate more frequent communication between the two groups.