Resources to Support Municipal Cyber Resiliency
For National Cybersecurity Awareness Month 2019, the Cyber Resilient Massachusetts Municipality Sub-working Group has developed a toolkit to help municipal leaders begin to understand the cybersecurity posture of their municipality and figure out next steps for protecting municipal infrastructure against cyber threats.
The intent is to provide guidance and action steps necessary to get the conversation started around cybersecurity preparedness and ultimately protect municipal infrastructure against cyber threats before they occur.
Getting Started
1. Why Cybersecurity?
Municipal Operations & Finance
2. What is Cybersecurity?
3. How Do I Prepare?
Achieve a Minimum Baseline of Cybersecurity
Business Planning
Getting Started: Conversations to have with Business Process Owners and IT Staff
Sets of questions for municipal leaders for conversation with Business Process Owners, IT Staff, and Service Providers to assess cybersecurity preparedness and to consider next steps in developing a plan.
Cyberplanner Tool for Creating a Custom Cybersecurity Plan
Tool for creating a custom cybersecurity plan with expert advice to address specific business needs and concerns.
Considerations for Business Impact Analysis
This article outlines the steps and considerations of a Business Impact Analysis, including the consequences of a business function disruption and the information needed to develop recovery strategies.
Business Impact Analysis - Guide and Template
Guide for Agencies to conduct Business Impact Analysis with Step-by-Step guidance and a template. https://www.oregon.gov/das/Procurement/Guiddoc/BusImpAnalysQs.doc
Contingency Planning Guide and Process Template (NIST SP 800-34)
Guide with instructions, recommendations, and considerations for IT contingency planning - interim measures to recover IT services after an emergency or system disruption. https://csrc.nist.gov/publications/detail/sp/800-34/rev-1/final
FEMA Business Impact Analysis Worksheet
Business Impact Analysis - FEMA Quick Reference Template. https://www.fema.gov/sites/default/files/2020-07/fema_BIA-Risk-Management-Worksheet.pdf
Ransomware
CISA Insights - Ransomware Outbreak
This CISA bulletin lays out three sets of straightforward steps any organization can take to protect themselves or recover from a ransomware attack. https://www.us-cert.gov/sites/default/files/2019-08/CISA_Insights-Ransomware_Outbreak_S508C.pdf
CISA Security Tip - Protecting Against Ransomware
Tip Sheet with recommendations for protecting against ransomware.
Incidents of Ransomware on the Rise - Protect Yourself and Your Organization
Article about ransomware with Tips for Dealing with Ransomware Threat.
MS-ISAC Security Primer on Ransomware | https://www.cisecurity.org/white-papers/security-primer-ransomware/
NASCIO Cyber Disruption Planning Guide | https://www.nascio.org/wp-content/uploads/2019/11/NASCIO_CyberDisruption_072016.pdf
Ransomware explained: How it works and how to remove it
Despite a recent decline, ransomware is still a serious threat. Here's everything you need to know about the file-encrypting malware and how it works. https://www.csoonline.com/article/3236183/what-is-ransomware-how-it-works-and-how-to-remove-it.html
STOP RANSOMWARE
The U.S. Government's official one-stop location for resources to tackle ransomware more effectively.
U.S. Small Business Association RANSOMWARE FACTS & TIPS
As technology evolves, the prevalence of ransomware attacks is growing among businesses and consumers alike. It’s important for digital citizens to be vigilant about basic digital hygiene in an increasingly connected world. This fact sheet explains what ransomware is and what you can do about it.
General Resources
Cybersecurity is Everyone's Job
Everyone in a local government has an important role to play in helping to minimize cybersecurity risks.
Online Cybersecurity Safety Basics
Free online security tips and resources. https://staysafeonline.org/stay-safe-online/online-safety-basics/
Center for Internet Security (CIS) | https://www.cisecurity.org/
Cybersecurity and Infrastructure Security Agency (CISA) | https://www.cisa.gov/
Department of Homeland Security (DHS) | https://www.dhs.gov/
Federal Bureau of Investigation (FBI) | https://www.fbi.gov/investigate/cyber
Federal Communications Commission (FCC)
Helps organizations create and save a custom cybersecurity plan quickly to address specific business needs and concerns.
Federal Trade Commission (FTC) | https://www.ftc.gov/tips-advice/business-center/small-businesses/cyberse...
How to Recognize and Avoid Phishing Scams
FTC Tip Sheet on how to recognize and avoid phishing scams. https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams
MIIA - Cyber Risk Management Best Practices for Cybersecurity
The Cyber Risk Management Team of the Massachusetts Interlocal Insurance Association (MIIA), a membership service of the Massachusetts Municipal Association, produced this Tip Sheet of the 10 Cybersecurity "best practices" for municipalities to address cybersecurity in their communities and distributed it at the January 2020 MMA Annual Conference in Boston, MA.