As ransomware attacks proliferate across state and local governments, agencies can turn to a key federally funded ally — the Multi-State Information Sharing and Analysis Center.
The MS-ISAC and the Elections Infrastructure Information Sharing and Analysis Center are staffed and operated by the Center for Internet Security at the CIS Security Operations Center, 24 hours a day, 365 days a year, through a cooperative agreement with the U.S. Department of Homeland Security.
DHS designated the MS-ISAC as the “key cyberthreat resource for the prevention, protection, response, and recovery for the state, local, tribal and territorial (SLTT) community.” Throughout the past year, for example, the MS-ISAC helped SLTT agencies fight ransomware such as RobbinHood and LockerGoga.
Leveraging the experience of the MS-ISAC, CIS established the EI-ISAC following the 2016 elections. The EI-ISAC is fully operational in all 50 states, with over 2,000 local election offices as members. Membership is free to all SLTT agencies. EI-ISAC’s 24/7 operations share and correlate information on cyberthreats affecting members, including threats against internet-connected voting systems.
State and Local Agencies Get Automated and Human Security Reviews
Sounds impressive, but what does the MS-ISAC really provide for its members? As a membership organization working exclusively with the SLTT community, the MS-ISAC has unparalleled insight into the cybersecurity threats and challenges faced by state and local government entities. Whether an agency is a large state IT department or a one-person operation handling a local school district, the MS-ISAC can help defend an organization from cyberthreats.
The CIS SOC is the MS-ISAC’s front line in the battle against cyberthreat actors. Trained SOC analysts and intelligence professionals work tirelessly reviewing logs and threat vectors, responding to calls and helping members navigate the complex world of cybersecurity. In conjunction with the SOC, the MS-ISAC offers members access to a premier computer emergency response team. This team provides forensic services as well as malware and vector identification.
The SOC team reviews thousands of logs — more precisely, 37 petabytes of data per month — looking for indicators of compromise. The data about cybercrimes affecting SLTT governments comes from open sources and nonpublic threat information received from the federal government.
In addition, the MS-ISAC’s intrusion detection system, called Albert, has been deployed across the United States and its territories. This passive monitoring device resides just outside members’ networks, where internet traffic meets members’ systems. The signature-based device is not a firewall; rather, it monitors network traffic to find suspicious activity. If a signature fires, the SOC is notified. Analysts review the event and determine what the signal is.
If warranted, the SOC then notifies an entity of a possible issue. CIS maintains a very low false positive rate thanks to a user review.
MS-ISAC Provides a Range of Cyber Services and Tools
The MS-ISAC ties this information together to provide its membership with timely alerts about attacking addresses and domains to help keep firewalls current. Combined with the ISACs’ IP- and domain-monitoring services and port profiler, the CIS offers a diverse toolkit to bolster cyberdefenses for MS-ISAC and EI-ISAC members.
These are just a few of the services offered to the SLTT community absolutely free of charge by the MS-ISAC. There are many others, including CIS SecureSuite membership, awareness campaigns, newsletters for both the security professional and the layperson, web-based malicious code analysis platforms, threat stream assessments and more.
To join the MS-ISAC or EI-ISAC and begin taking advantage of its many benefits, visit the Center for Internet Security at cisecurity.org.