GAO: Feds Could Improve Collaboration on Ransomware

While officials from government organizations were “generally satisfied” with ransomware prevention and response assistance provided by federal agencies, more work could be done to improve communication and information sharing. 

This was the conclusion of a report from the Government Accountability Office (GAO), which revealed half the survey respondents struggled with inconsistent communication while receiving the FBI’s ransomware assistance. 

The Cybersecurity and Infrastructure Security Agency (CISA), FBI, and Secret Service all help in preventing and responding to ransomware attacks on state, local, tribal and territorial (SLTT) government organizations.

This support is provided through education and awareness, information sharing and analysis, cybersecurity review and assessment, and incident response.

The report warned that agencies have not addressed aspects of key collaboration practices, such as defining common outcomes for ransomware assistance to SLTTs, procedures for how detailees should coordinate, and processes for making decisions such as how and when to involve another federal agency on a ransomware incident.

“These and other shortfalls were due, in part, to the lack of an established mechanism for interagency collaboration,” the report stated. “Federal action to better address key practices for interagency collaboration will help better support the effective coordination that SLTTs need to address the pervasive ransomware threat.”

The GAO report pointed out the agencies lack a unifying coordination mechanism to better facilitate aid between federal agencies and SLTTs and underlined the ad hoc nature of much of the assistance. 

It noted existing interagency collaboration on ransomware assistance to SLTT governments was “informal and lacked detailed procedures,” and said the key practice of defining outcomes and monitoring accountability was not even addressed.

Room for Improvement

“Generally, there’s always room for improvement of information sharing between agencies,” said Shawn McCabe, director of engineering, U.S. public sector and emerging markets at Delinea. “When you expand that discussion to sharing information between federal, state and local, I think we can all agree that it needs to be improved.”

He uses the example of how many local governments run their own municipal water systems.

“Clean and safe drinking water is vital to everyone, and ransomware attacks at these types of facilities have already happened,” he says. “Improving information sharing between federal, state and local governments to protect these vital resources is very important.”

McCabe adds that centralization helps because platform sprawl can certainly be an issue, noting that the implementation and ongoing operationalizing of these platforms and databases is potentially a larger issue.

“Too often a platform is put in place that may need a new database or have some feature redundancy with another platform in-house, but bigger issues occur when these platforms are implemented and then left to run in the background without proper care and feeding,” he explains. 

McCabe says it’s important for there to be some type of clearinghouse that would allow local governments to benefit from each other’s experiences and ensure that all state and local governments have access to the same guidelines and best practices to protect themselves.

Ransomware Prevention

Even though the GAO report found officials from government organizations were “generally satisfied” with the ransomware prevention and response assistance provided by federal agencies, standards should probably be higher, McCabe noted.

“‘Generally satisfied’ is probably not good enough given the stakes,” he says. “It could be that many government organizations who answered this question might not be completely aware of all the risks or precisely how the risk of ransomware is mitigated at their organization.”

He compares being “generally satisfied” to a dessert after dinner, where your cherry pie was bland but OK.

“Generally satisfied with ransomware prevention means you’re potentially not well positioned to handle a sophisticated, nuanced attack,” McCabe says. 

Back in May, CISA announced the formation of a joint ransomware task force, plans for which were originally outlined in the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA).

The FBI will co-chair the task force, which means the operational leads will be Eric Goldstein, CISA’s head of cybersecurity, and Bryan Vorndran, the assistant director of the FBI’s Cyber Division.

Earlier this month, CISA issued a Binding Operational Directive (BOD 23-01) that is designed to improve U.S. federal agencies’ ability to find vulnerabilities in their networks for better prevention and response to cybersecurity incidents.

 

Nathan Eddy

Nathan Eddy is a Berlin-based filmmaker and freelance journalist specializing in enterprise IT and security issues, health care IT and architecture.
