U.S. and state leaders recognized municipalities do not have the resources or manpower to stop the onslaught of cyberattacks at a local level. This year, a new strategy has emerged in the war on cyber terrorism, fostering a shared services approach to winning on this invisible battlefield on national, state, and local levels. As a result, New York municipalities have access to more support, training, and tools than ever to protect sensitive data and critical infrastructure.
In June, the State and Local Government Security Act was signed into law, formalizing the Cybersecurity and Infrastructure Security Agency (CISA) and Multi-State Information Sharing and Analysis Center (MS-ISAC) relationship and roles in increasing cybersecurity defenses and resiliency.
Under the law, CISA is required to help address cyber incidents; share cyber threat indicators, defensive measures, and risks; communicate incidents; share best practices, standards, and policies; help build system resiliency; promote education and awareness; and more. MS-ISAC (made up of a coalition of more than 2,500 organizations including states and territories) must work with CISA to improve cybersecurity for all, using a 24/7 watch and warning center and a Computer Emergency Response Team.
In July, NY Governor Kathy Hochul announced the start of the state’s $30 million shared services program to help counties protect government systems against ransomware and other attacks. This follows the introduction of the state’s Joint Security Operation Center which takes a centralized approach to managing cybersecurity risk for government assets throughout the state. Counties can opt-in at no cost.
What’s more, the Infrastructure Investment and Jobs Act of 2021 includes $1 billion in grants to state, local, tribal, and territorial governments over four years. Under the law, 80% of money received by states via grants must go to local governments. Just a few days ago (September 16 to be exact), the Department of Homeland Security launched the State and Local Cybersecurity Grant Program to begin distributing funds. (Click here for FAQs for how local governments can access the grants.)
To bolster efforts to stand up to cyber attacks at the local level, early this year, the New York State Association of Counties issued a Cybersecurity Primer for Local Leaders. The Hudson Valley Pattern for Progress hosted a series of webinars (with recordings available) focusing on boosting cybersecurity in the region.
Also, the New York State Office of Information Technology developed a webpage devoted to cybersecurity resources for local municipalities’ elected officials, administrative officials, and business managers. Among the many resources posted is a Local IT Governance Management Guide, as well as guides for incidence reports, risk management, getting started with cyber security, secure credit card payments, firewalls, Internet and acceptable use policies, disposal of electronic media, and backing up essential information. In addition, there are awareness resources including webinar recordings, newsletters, and toolkits; training resources; and a toolkit with assessment tools, user guides, and more.
With so many divisive factors in society today, it’s refreshing to see that when called upon Americans can be bigger than what divides us by uniting at every level of government to stand up against security threats in cyberspace. No doubt, it’s a big job on a battlefield with no borders and no visible enemies.
To free you up to focus on what you do best – including protecting your community’s critical infrastructure and residents’ private data, we want to remind you that RBT CPAs is here to take on everything accounting, tax, and audit-related. We’ve been serving municipalities in the Hudson Valley and beyond for over 50 years, and we’re always ready to do our part with the highest standards of professionalism and ethics. Contact RBT CPAs today.