Dec 14 2022

How the Federal Government Can Improve Its Response to Ransomware Attacks

A new report from the Government Accountability Office outlines three areas where agencies could improve.

While the federal government is not the primary target of ransomware attacks, it plays a large role in helping those who have been attacked recover. It also provides advice on how enterprises can protect themselves against such attacks.

A new report from the Government Accountability Office (GAO) outlines three areas where the federal government could improve this assistance:

  • Interagency coordination
  • Awareness, outreach and communication
  • Coordination with schools

The GAO reports that ransomware attacks are actually on the rise among organizations of all sizes. State, local, tribal and territorial government organizations (SLTTs), along with schools, are frequent targets.

The report comes roughly a year after the enactment of the Consolidated Appropriations Act, which includes requirements for additional federal coordination to address ransomware threats.

Click the link to receive curated security content by becoming an Insider.

Why Interagency Coordination Is a Must in Ransomware Protection

The FBI, the Secret Service and CISA are the primary federal agencies that assist in protecting SLTTs from ransomware attacks through education, awareness, information sharing, analysis, cybersecurity assessment and incident response. That said, the GAO reported in September that coordination among the three agencies was informal and lacked official procedures.

The GAO recommends the agencies formalize procedures to make their ransomware assistance efforts more effective. More specifically, the GAO identified six key practices the agencies haven’t fully addressed or haven’t addressed at all:

  • Defining outcomes and monitoring accountability
  • Bridging organizational cultures
  • Clarifying roles and responsibilities
  • Including relevant participants
  • Identifying and leveraging resources
  • Developing and updating written guidance and agreements

READ MORE: How agencies are using tools to adapt after cyberattacks.

The Power of Ransomware Awareness, Outreach and Communication

SLTTs reported to the GAO that they’re generally satisfied with ransomware assistance from the federal government. However, they also identified challenges, such as not being aware of available federal services and dealing with inconsistent communication when contacting the FBI for assistance. Tribal governments in particular said that CISA’s focus on outreach at the state level leaves tribal nations uninformed. The GAO recommends the three federal agencies work together to evaluate how to best address these concerns and facilitate collaboration.

DISCOVER: How agencies can modernize their cyber resilience with today’s tape innovations.

How Agencies Can Coordinate With Schools to Prevent Attacks

In October, the GAO highlighted the impact ransomware attacks can have on K–12 schools. School officials indicated the loss of learning following an incident ranged from three days to three weeks, and incident recovery time ranged from two to nine months. The resulting downtime and devotion of resources to incident recovery can also have a major financial impact on schools.

There has been federal guidance in the past. The 2013 National Infrastructure Protection Plan called for the development of government councils to enable interagency and intergovernmental coordination to address a specific need for federal assistance, such as cybersecurity at K–12 schools. Yet, outside of offering resources, the GAO noted that the Department of Education and CISA have little to no interaction with K–12 schools regarding cybersecurity.

The Department of Education has not established the government coordinating council that the protection plan called for back in 2013. The GAO recommends that the Department of Education and CISA establish such a council to coordinate cybersecurity efforts between federal agencies and the K­–12 community and facilitate more frequent communication between the two groups.

WhataWin/Getty Images

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.