Municipal Cybersecurity Toolkit

Resources to Support Municipal Cyber Resiliency

For National Cybersecurity Awareness Month 2019, the Cyber Resilient Massachusetts Municipality Sub-working Group has developed a toolkit to help municipal leaders begin to understand the cybersecurity posture of their municipality and figure out next steps for protecting municipal infrastructure against cyber threats.

The intent is to provide guidance and action steps necessary to get the conversation started around cybersecurity preparedness and ultimately protect municipal infrastructure against cyber threats before they occur.

Getting Started

1. Why Cybersecurity?

2. What is Cybersecurity?

3. How Do I Prepare?

Business Planning

Getting Started: Conversations to have with Business Process Owners and IT Staff

Sets of questions for municipal leaders to use in conversations with Business Process Owners, IT Staff, and Service Providers to assess cybersecurity preparedness and to consider next steps in developing a plan.

https://masscybercenter.org/why-cybersecurity/municipal-cybersecurity/how-do-i-prepare-become-cyber-resilient

Cyberplanner Tool for Creating a Custom Cybersecurity Plan

Tool for creating a custom cybersecurity plan with expert advice to address specific business needs and concerns.

https://www.fcc.gov/cyberplanner

Considerations for Business Impact Analysis

This article outlines the steps and considerations of a Business Impact Analysis, including the consequences of a business function disruption and the information needed to develop recovery strategies. 

https://www.ready.gov/business-impact-analysis

Business Impact Analysis - Guide and Template

Guide for Agencies to conduct Business Impact Analysis with Step-by-Step guidance and a template.

https://www.oregon.gov/das/Procurement/Guiddoc/BusImpAnalysQs.doc

Contingency Planning Guide and Process Template (NIST SP 800-34)

Guide with instructions, recommendations, and considerations for IT contingency planning - interim measures to recover IT services after an emergency or system disruption. 

https://csrc.nist.gov/publications/detail/sp/800-34/rev-1/final

FEMA Business Impact Analysis Worksheet

Business Impact Analysis - FEMA Quick Reference Template.

https://www.fema.gov/media-library-data/1388776348838-b548b013b1cfc61fa92fc4332b615e05/Business_ImpactAnalysis_Worksheet_2014.pdf

Good Cyber Hygiene

How to Recognize and Avoid Phishing Scams

FTC Tip Sheet on how to recognize and avoid phishing scams.

https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams

Ransomware

CISA Insights - Ransomware Outbreak

This CISA bulletin lays out three sets of straightforward steps any organization can take to protect themselves or recover from a ransomware attack.

https://www.us-cert.gov/sites/default/files/2019-08/CISA_Insights-Ransomware_Outbreak_S508C.pdf

CISA Security Tip - Protecting Against Ransomware

Tip Sheet with recommendations for protecting against ransomware.

https://www.us-cert.gov/ncas/tips/ST19-001

CISA Tip Sheet on Ransomware

Information on what ransomware is and what organizations can do to protect against the threat.

https://www.us-cert.gov/Ransomware

CISA, MS-ISAC, NGA & NASCIO Recommended Immediate Action to Safeguard Against Ransomware Attacks

Essential recommended actions to enhance your defensive posture against ransomware.

https://www.dhs.gov/cisa/news/2019/07/29/cisa-ms-isac-nga-nascio-recomme...

Incidents of Ransomware on the Rise - Protect Yourself and Your Organization 

Article about ransomware with Tips for Dealing with Ransomware Threat.

https://www.fbi.gov/news/stories/incidents-of-ransomware-on-the-rise/incidents-of-ransomware-on-the-rise

MS-ISAC Security Primer on Ransomware https://www.cisecurity.org/white-papers/security-primer-ransomware/

NASCIO Cyber Disruption Planning Guide https://www.nascio.org/Portals/0/Publications/Documents/2016/NASCIO_CyberDisruption_072016.pdf

Ransomware explained: How it works and how to remove it

Despite a recent decline, ransomware is still a serious threat. Here's everything you need to know about the file-encrypting malware and how it works.

https://www.csoonline.com/article/3236183/what-is-ransomware-how-it-works-and-how-to-remove-it.html

U.S. Small Business Association RANSOMWARE FACTS & TIPS

As technology evolves, the prevalence of ransomware attacks is growing among businesses and consumers alike. It’s important for digital citizens to be vigilant about basic digital hygiene in an increasingly connected world. This fact sheet explains what ransomware is and what you can do about it.

https://staysafeonline.org/wp-content/uploads/2017/09/STOP.-THINK.-CONNECT.-Ransomware-Facts-Tips.pdf

General Resources

Cybersecurity is Everyone's Job

Everyone in a local government has an important role to play in helping to minimize cybersecurity risks.

https://www.sao.wa.gov/becybersmart/

Online Cybersecurity Safety Basics

Free online security tips and resources.

https://staysafeonline.org/stay-safe-online/online-safety-basics/

Center for Internet Security (CIS) https://www.cisecurity.org/
Cybersecurity and Infrastructure Security Agency (CISA) https://www.cisa.gov/
Department of Homeland Security (DHS) https://www.dhs.gov/
Federal Bureau of Investigation (FBI) https://www.fbi.gov/investigate/cyber
Federal Communications Commission (FCC)

Helps organizations create and save a custom cybersecurity plan quickly to address specific business needs and concerns.

https://transition.fcc.gov/cyber/cyberplanner.pdf

Federal Trade Commission (FTC) https://www.ftc.gov/tips-advice/business-center/small-businesses/cyberse...