The cybersecurity industry has long focused on protecting large organizations from cyberattacks, leaving smaller and midsize organizations vulnerable. However, the US Cybersecurity and Infrastructure Security Agency (CISA) is beginning to recognize this issue and is taking steps to address it.
CISA is working on helping what it calls “cyber poor” organizations, which include small to midsize agencies and organizations in both the private and public sectors. These organizations play a crucial role in the economy, but often lack the funding and resources to defend themselves against sophisticated cyber adversaries.
To start addressing this issue, here are five recommendations for CISA:
1. Streamline Membership and Access to ISACs: Information Sharing and Analysis Centers (ISACs) were introduced in 1998 to share information and help organizations protect against cyber threats. However, membership is expensive and often excludes smaller organizations. CISA should help streamline membership and access to ISACs by implementing grants that enable broader access to these critical resources.
2. Expand Use of Albert Sensors: Albert sensors are intrusion-detection systems designed for state and local government organizations. While there are currently 800 sensors in use, there should be more effort and funding to place these assets at the state, local, tribal, and territorial (SLTT) level. CISA should also explore expanding Albert sensors through public-private partnerships and work on integration with external security products.
3. Improve Information and Intelligence Sharing with MSPs and MSSPs: Small and midsize organizations struggle to compete for cybersecurity talent with larger enterprises and government agencies. To address this, CISA should work on streamlining data and threat distribution to managed service providers (MSPs) and managed security service providers (MSSPs), who can help amplify the nation’s cyber capabilities.
4. Create a Better Portal and Standard Interface for Two-Way Intelligence Sharing: CISA’s current intelligence distribution system, Automated Indicator Sharing, is limited and complicated for small and midsize businesses. CISA should provide clear and low-cost ways for these businesses to integrate their intelligence and work more closely with them to ensure effective cyber defenses.
5. Lobby for Stricter Incident-Reporting Requirements: Many small and midsize organizations are not required to report cybersecurity incidents, leaving CISA and other government entities unaware of potential threats. CISA should lobby Congress for legislation mandating incident reporting across industries and business sizes. In the absence of a mandate, CISA should establish a better pathway for organizations to share attack details.
By implementing these recommendations, CISA can become a guiding force for small and midsize organizations and local governments in the realm of network security and data protection. These organizations are vital to the economy and must have the support they need to defend against cyber threats.