The number of cyber-security threats and attacks in the United States (US) is rising rapidly. The problem has escalated into a matter of national security and significant danger to national survival. It has been fueled by technological developments globally, particularly creating readily available hacking tools and online messaging. Therefore, the US is in constant danger of relentless attacks from enemies both at home and from abroad.
Attackers take advantage of vulnerabilities to launch attacks on schools and institutions of higher learning, as well as local governments. They then demand colossal sums of money to get their targets out of the situation. If they fail to obey, they end up suffering the consequences, including having to reconstitute their computer networks. Cyber-security threats and attacks are like terminal health conditions. They can only be managed but cannot be eliminated (“FBI, CISA, MS-ISAC: Cybercriminals Increasingly Attacking K-12 Distance Learning,” 2020). It is for this reason that the US government, as well as local authorities, must be persistently alert. The attackers live within the larger global community, and some harbor serious ill-intentions.
The national government has put in place several measures to avoid such incidents. In 2003, the government introduced the Multi-State Information Sharing and Analysis (MS-ISAC) under the Center for Internet Security (CIS). The MS-ISAC is funded by the Department of Homeland Security (DHS) through grants. The organization seeks to tighten the all-inclusive cybersecurity position of the state, local, tribal, and territorial (SLTT) governments. It draws expertise from highly trained CIS staff who are ready to help members in any cybersecurity incident. The staff is trained sufficiently in reverse engineering, malware analysis, forensics analysis, log analysis, and susceptibility assessments (MS-ISAC Charter, 2018). Therefore, the MS-ISAC is fully supported to conduct its mandate of securing the public.
MS-ISAC Role in Reducing Risks of Data Breaches in Organizations
The MS-ISAC members join the organization at no cost and benefit from the multi-agency collaboration in defeating cyber-security threats and attacks. The organization seeks to enable the national government and local government managers to avoid cyber threats, and support response and recovery efforts should cyber-attacks occur. These objectives are to be realized through early warnings on cybersecurity threats, information sharing on cybersecurity attacks, stimulating vigilance among different stakeholders by promoting inter-dependence between cyber systems and critical physical infrastructure, and synchronizing training awareness (Department of Homeland Security [DHS], 2016). Therefore, the organization is crucial given the current threats.
The national government and local governments handle vast volumes of private information for the citizens. The information includes Student, Patient, and Birth / Death Certificates Records, License Applications (Marriage, Business, Driver’s Licenses), Building Permits (including architectural drawings and property information), and Online Reservation & Payment Systems for Parks & Recreation Facilities.
Given the sensitivity of this information, the MS-ISAC must provide sufficient protection against risks of data breaches (MS-ISAC Charter, 2018). This is realized by guaranteeing enough safeguards and providing adequate funding and intelligence through collaborating with the CIS. Through the Nationwide Cybersecurity Review (NCSR) and the DHS, the MS-ISAC scrutinizes connections, exchanges, and procedures governing information technology (IT) administration and the capacity to control operational risk meritoriously.
The information gathered from members helps the MS-ISAC develop standards necessary for the government agencies to protect their computer hardware and software. The MS-ISAC also advises the agencies on the best tools available in the market that provide the best protection of the government systems and data. The MS-ISAC gives the government agencies the right to use advanced security capabilities at low prices (CISA and MS-ISAC Release Joint Ransomware Guide, 2020). Moreover, the system offers 24-hr protection and warning through real-time watching and broadcasting of immediate potential threats. Once vulnerabilities are identified, sufficient mitigation measures are effected at the earliest stage.
To guarantee that the MS-ISAC is fulfilling its mandate, the NCSR developed metrics to assess the cybersecurity maturity of SLTTs. Indeed most SLTTs reported their ability to use the NCSR metrics and have a complete understanding of the cybersecurity framework through which they successfully express their cybersecurity standing and/or requirement to their top managers and/or board members. Consequently, the MS-ISAC should continue to enlighten and support the SLTTs to recognize cracks and capabilities contained in their cybersecurity agendas as well as improve their overall cybersecurity (DHS, 2016). In so doing, the MS-ISAC will have fulfilled its mandate of mitigating the risks of data breaches.
Partnerships with other Institutions in Reducing the Risks and Impacts of Data Breaches
To enhance the effectiveness of protection, the MS-ISAC collaborates with other national agencies that help in information sharing about emerging threats. They include the US Secret Service, the Federal Bureau of Investigation (FBI), the CIS Integrated Intelligence Center (CISIIC), the National Cybersecurity and Communication Integration Centers (NCCIC), the Department of Homeland Security, and; the National Association of Chief Information Officers (NASCIO) (DHS, 2016). In addition, the MS-ISAC has nurtured strong relations with the leading cybersecurity firms, internet service providers (ISPs), software developers, and researchers.
References
FBI, CISA, MS-ISAC: Cybercriminals Increasingly Attacking K-12 Distance Learning, (2020). Darkreading. Web.
MS-ISAC Charter, (2018). Center for Internet Security. Web.
CISA and MS-ISAC Release Joint Ransomware Guide. (2020). Cybersecurity and Infrastructure Security Agency. Web.
Department of Homeland Security. (2016). Critical Infrastructure Threat Information Sharing Framework: A Reference Guide for the Critical Infrastructure Community. Department of Homeland Security. Web.