Cyber Security: It’s Importance, Breaches, Resolutions
Region 3A is dedicated to advancing Northeast Indiana through services like park planning, grant writing, GIS and transportation assistance, and community and economic development. To sustain these efforts, cyber security is crucial to Region 3A and all of the communities that we serve. Earlier this summer, the Indiana Department of Environmental Management urged all Indiana municipalities to conduct cybersecurity risk assessments to safeguard Indiana’s water and wastewater infrastructure.
Notable Recent Cyber Security Breaches
One of our advisors, BCS Management, has noted the rising frequency and severity of cyber breaches in the US. In May 2021, a ransomware attack on the Colonial Pipeline captured global attention by shutting down gas and oil supply for 5 days all along the east coast. This event highlighted the risk of a more coordinated attack on infrastructure that could leave citizens with no gasoline, heat, electricity, clean running water, internet, and stores with empty shelves. $4.4 million dollars was paid to the hackers to restore the pipeline’s operation. Cross border cyberattacks between Russia and Ukraine have only increased the level of concern by our own government.
Closer to home, Russian hackers targeted a wastewater plant in Tipton, Indiana last April. Only the quick thinking of the facility’s employees avoided a disaster. In July, the City of Columbus, IN suffered a data breach and the City had to temporarily suspend services while they worked to regain control of the situation.
Preparing Better Cyber Security Practices
To stay prepared for the evolving cyber security threat landscape, our communities need to consider implementing a continuous cycle of testing, correcting, and planning, to follow industry best practices and enhance your department’s or organization’s preparedness.
- Penetration Testing and Vulnerability Assessment – Communities need to hire a “white hat” third-party firm to conduct a penetration test of their IT systems and provide a written assessment of any vulnerabilities. This helps identify and address weaknesses before hackers exploit them. A prepared community can deter hackers, and Region 3A can recommend expert providers for these services.
- Risk Assessment (Processes) – Identify potential issues in administrative, managerial, and technical environments by meeting with department heads and administrative personnel to evaluate people, processes, and technology.
- Incident Response Planning – To meet regulatory requirements like IDEM and Indiana Privacy Laws, develop an incident response plan. This plan ensures your community has an incident response team ready to act immediately upon discovering an issue. It includes pre-planned remediation steps, even if the main IT person is unavailable. A well-crafted plan might also save on cyber security insurance premiums
Offer for Help Securing Technical Infrastructure
If you have questions about the importance of cybersecurity within your organization and the best ways to tackle the problem and mitigate your risk, contact Matt Brinkman (260) 347-4714 or mbrinkman@region3a.org right now.