Counties, cities and municipalities are supposed to push ahead with their digitalisation faster and faster, but this quickly becomes a curse when cyber attacks paralyse the municipalities. It often takes weeks or months until they are fully capable of acting again, because many lack the necessary cyber resilience. Dell Technologies lists five measures with which public administrations can strengthen their digital resilience.
Cyber attacks on public administration are now commonplace, as counties, cities and municipalities are attractive targets. Not only do they work with the confidential data of many people and businesses, but they are generally important for the functioning of society and the economy, so the potential for extortion is great. However, due to limited resources, they are often inadequately prepared for the attacks and take a very long time before they can fully perform their tasks again. For example, it took nine months until the district administration of the Rhein-Pfalz district was reconnected to the municipal state network after a ransomware attack last autumn. Only when the now ongoing tests of the specialised programmes and processes are completed can the municipality resume its usual activities and process thousands of backlogged cases and procedures.
In order to be ready for action again quickly in the event of an emergency, public authorities as well as municipal institutions and companies should therefore strengthen their cyber resilience. Dell Technologies shows how this can be achieved:
- Reduce the attack surface: Blocking USB ports and preventing employees from installing software on work computers are among the security basics. Both measures reduce the attack surface of local governments and make it more difficult for cyber criminals to plant their malware. Building on this, however, municipalities should adopt full-fledged zero-trust concepts that further restrict the scope of action of intruders – through strong network segmentation, the allocation of minimal authorisations and consistent verification of all access. Even if cyber criminals have infiltrated a system or captured a password, they can do little with it: lacking the necessary rights, they fail at the strict access controls in the network and are denied access to other systems or applications.
- Store backups in a tamper-proof way: Modern data protection solutions ensure that municipalities can reliably restore all data after a cyber attack. The classic backups and data replications to remote locations are not sufficient for this, as attackers now deliberately render them unusable and encrypt them just like the production systems. Backup storage with retention lock and special data vaults provide a remedy. The retention lock originally comes from archiving and ensures that data is stored unchangeably and cannot be deleted, encrypted or otherwise manipulated for a certain period of time – this is ideal for backups. A data vault, on the other hand, protects a copy of particularly valuable data from unauthorised access through an air gap and detects attempts at manipulation thanks to intelligent forensics.
- Don’t forget the employees: Cyber resilience is not only a question of technology, but also crucially depends on people and processes. Therefore, administrative staff should be continuously trained in the security-conscious handling of data, applications and systems, while IT teams acquire valuable know-how on new threat scenarios and modern security technologies in technical training. Since improving cyber resilience goes hand in hand with many new tasks and responsibilities, investments in additional staff are usually unavoidable, such as a Chief Information Security Officer (CISO) who further develops the security and resilience strategy and coordinates the implementation of all measures. The importance of open communication and mutual respect should also not be underestimated: a positive work culture ensures that employees actively strive for improvement instead of just doing things by the book, and that they address mistakes so that they can learn from them.
- Practise regularly for an emergency: If municipalities become the target of a cyber attack, every minute counts. Lengthy coordination processes and the search for contact persons delay the initiation of measures and mean that the damage is often greater than it should be. All important information needed for an emergency should therefore be included in an emergency plan. This includes checklists for analysing the attack, recommendations for action as well as clearly defined responsibilities and contact details. To ensure that all cogs mesh perfectly in the event of an attack, the plan must be tested regularly. This gives employees the opportunity to familiarise themselves with all the processes so that they can act calmly and routinely in stressful situations. At the same time, the tests are a reality check as to whether the plan stands up to the requirements in practice or needs to be adapted. After all, IT infrastructures as well as contact persons or requirements for recovery times change again and again.
- Don’t do everything alone: Cyber resilience is a complex topic that can easily overwhelm municipalities. They often find it difficult to develop suitable contingency plans or to select custom-fit solutions for data security. In addition, they often take the status quo as their starting point and try to adapt existing environments and processes, which usually leads to many special solutions that cause a high administrative effort and make recovery in case of an emergency more difficult. Therefore, it usually makes sense to call in experienced IT service providers for support who know what resilient infrastructures and processes look like and where stumbling blocks lurk. They help with the development and implementation of security and resilience strategies and can make recommendations for solutions that work together optimally.