Guest Post by: Patrick Massey
Regional Director, Cybersecurity, and Infrastructure Security Agency (CISA)
Region 10 (Washington, Oregon, Idaho, Alaska)


Cybersecurity. If you had not heard that word much in the past few years, unfortunately, you’ll be hearing it more and more in the future.

CISA is one of the federal government’s newest agencies, and it’s CISA’s job to help protect against cyberattacks, and we know this word well. But for many organizations and agencies, this is a new word being thrust upon you and you are left wondering – what is the cyber threat to my community, and what can I do about it?

First, the threat is real. Malicious actors in Russia, China, and other parts of the world are working to disrupt or disable our infrastructure by hacking into our IT systems. Cybercriminals are looking to profit from poor cybersecurity practices through ransomware. Critical infrastructure like power grids and water treatment systems are being targeted. County and city governments are being targeted.

The question you need to be asking right now…is your organization prepared to respond and defend against cyberattacks?

So, what does protecting your organization look like? It’s two-fold – investments in cybersecurity – and working with your Information Technology (IT) and IT Security staff to ensure the right defenses are in place now.

Let’s start with the first one – Investment in cybersecurity. Many view it as a sunk cost. We invest in IT security and what do we see from it? No new buildings, or faster computers, or improved government services. However, what you do get is peace of mind knowing you’ve done all you can to secure your data and the avoidance of a costly intrusion that could shutter the vital services you provide to your citizens.

Investing in cybersecurity should be a priority of governments at all levels. It’s that critical because this problem is not going away anytime soon and will only worsen over time.
The next step is to get to know your IT Security leaders. Seek their advice. Ask them; What is our cyber risk? How do you know if something is wrong? What information and systems are we protecting? Do we have a plan if something does go wrong?

Visit the CISA “Shields-Up” webpage at Shields Up | CISA. Here you can find the latest national cyber alerts to get a feel for the types of cyberattacks impacting our country along with a host of other information like the “Known Exploited Vulnerabilities Catalog”, and cybersecurity “Recommendations for Corporate Leaders and CEOs”.

On the website, you’ll also find some basic tips for practicing good cyber hygiene such as:

  • Use strong authentication across your systems including unique passwords and multi-factor authentication.
  • Ensure your software is up to date and use anti-virus software.
  • Train your staff – think before you click.
  • Prepare to respond if an incident happens. Have staff on-hand and ready to help.

Collaborating with the business community and municipalities across the country is a core element to our work. It also happens to be a great way to fight cyberattacks. If we partner together to defend our systems against malicious threats, we can all learn from each other and improve our defenses, collectively.

As government leaders, you are on the front lines of our nation’s cyber defenses. Good cybersecurity not only protects your community, but it also protects America’s security.
Now is the time to put our collective shields up.