Ransomware poses threats to federal, state, and section authorities organizations, including schools. Taking enactment connected 3 recommendations from our enactment successful this country could assistance the national authorities amended coordination and assistance.
The Big Picture
Ransomware attacks are connected the emergence astatine organizations and industries of each sizes. Hospitals, schools, exigency services, and different industries person been the victims of specified attacks. Ransomware is simply a signifier of malicious bundle designed to render the underlying information and systems unusable. Ransom payments are past demanded successful speech for restoring entree to the locked information and systems.
Four stages of a ransomware attack
State, local, tribal, and territorial (SLTT) authorities organizations, including schools, person been peculiarly targeted by ransomware attacks, which tin person devastating impacts connected captious authorities operations and services. According to the Multi-State Information Sharing and Analysis Center—an independent, nonprofit organization—SLTTs experienced astir 2,800 ransomware incidents from January 2017 done March 2021.
Consequently, national assistance provided to SLTTs to forestall and respond to ransomware threats is indispensable to enhancing cybersecurity resiliency and effectiveness.
What GAO’s Work Shows
GAO’s enactment identified areas wherever the national authorities could amended the coordination and assistance it provides to others for addressing ransomware attacks.
1. Interagency Coordination
The Cybersecurity and Infrastructure Security Agency (CISA), Secret Service, and FBI are the superior national agencies that supply nonstop assistance aimed astatine preventing and responding to ransomware attacks connected SLTTs. This is provided done acquisition and awareness, accusation sharing and analysis, cybersecurity reappraisal and assessment, and incidental response.
However, successful September 2022, we reported that they lacked processes for much effectual national coordination connected ransomware assistance to SLTTs. Specifically, the interagency coordination betwixt the 3 agencies connected ransomware assistance to SLTTs was informal and lacked documented procedures.
➢ We recommended that CISA, Secret Service, and FBI improve interagency coordination connected ransomware assistance to SLTTs.
2. Awareness, Outreach, and Communication
In September 2022, we reported that though SLTTs were mostly satisfied with the ransomware assistance provided by the national government, officials from each 13 SLTTs we interviewed identified challenges with awareness, outreach, and communication: Tribal officials expressed concerns astir CISA’s absorption connected conducting outreach astatine the authorities level, leaving tribal nations uninformed. SLTTs contacting FBI for effect assistance cited issues with inconsistent and timely communication. ➢ We recommended that CISA, Secret Service, and FBI evaluate however to champion code concerns raised by SLTTs.
3. Coordination with Schools Cybersecurity incidents, specified arsenic ransomware attacks, astatine kindergarten done people 12 (K-12) schools tin importantly interaction their quality to proceed operations and tin origin learning and monetary loss. In October 2022, we reported that authorities and section officials knowledgeable astir K-12 cybersecurity indicated that the nonaccomplishment of learning pursuing an incidental ranged from 3 days to 3 weeks, and incidental betterment clip ranged from 2 to 9 months. In addition, a probe enactment provided america with an estimate of the fig of students being affected by ransomware attacks betwixt 2018 and 2021. Estimated Number of U.S. Students Affected by Ransomware Attacks connected K-12 Schools, 2018-2021 Federal guidance, specified arsenic the 2013 National Infrastructure Protection Plan (National Plan), calls for the improvement of authorities coordinating councils to, among different things, alteration interagency and intergovernmental coordination to code a circumstantial request for national assistance, specified arsenic cybersecurity astatine K-12 schools. However, we recovered that portion the Department of Education and CISA connection cybersecurity resources to K-12 schools, specified arsenic online information guidance, they different person small to nary enactment with the K-12 assemblage regarding their cybersecurity. This is due, successful part, to the Department of Education not establishing a authorities coordinating council, arsenic called for successful the National Plan. Such a assembly tin facilitate connection and coordination among national agencies and with the K-12 community. This, successful turn, tin alteration national agencies to amended code the cybersecurity needs of K-12 schools. ➢ We recommended that the Department of Education, successful consultation with CISA and different applicable stakeholders, establish an applicable authorities coordinating council to coordinate cybersecurity efforts betwixt national agencies and with the K-12 community. The precocious enacted Consolidated Appropriations Act, 2022 includes requirements for further national coordination successful addressing ransomware threats. The enactment requires CISA to pb the constitution of and seat a Joint Ransomware Task Force. Once the task unit is established, national agencies similar CISA, Secret Service, and FBI whitethorn person a mechanics for coordinating national ransomware assistance to SLTTs, including schools. For much information, interaction Jennifer R. Franks astatine (404) 679-1831 oregon FranksJ@gao.gov.
Opportunities
More from GAO’s Portfolio
/cdn.vox-cdn.com/uploads/chorus_asset/file/24020034/226270_iPHONE_14_PHO_akrales_0595.jpg)
English (US)