Authored by the National Cybersecurity Center Cybersecurity Committee
Due to the increasing ransomware incidents across the nation such as the Colonial Pipeline Ransomware[i], the Whitehouse announced the formation of the Ransomware Taskforce on July 15, 2021.[ii] With the announcement, the Department of Homeland (DHS) and the Department of Justice (DOJ) launched a website with the federal resources to assist organizations to reduce the risk of ransomware attacks.[iii]
Despite the magnitude of cyber-attacks hitting all companies, it’s clear that SMBs are at particular risk. In its recent Global State of Cybersecurity in Small and Medium-Sized Businesses report[iv], the Ponemon Institute found that two-thirds of small businesses had experienced a cyberattack in the last 12 months alone. In the U.S., that number increases to 76%, representing a spike of 20 percentage points from just three years prior.
Although government resources are available, many SMBs still do not know who to call particularly in the heat of a cyber event such as a ransomware attack. Many times, SMBs will call the local law enforcement or the FBI. However, when these resources are contacted, their focus is on investigation, not incident response and assistance. While there are some “hot line” numbers, most of them are focused on information collection not incident response. For example, the DHS/Cybersecurity and Infrastructure Agency (CISA) website includes a “Report an Incident” tab, which provides the ability for an organization to submit an incident report and have incident information directed to the Internet Crime Complaint Center (IC3). Under the “Contact Us” section, there is a telephone number published, “888-282-0870.” This telephone number is several levels deep on the website. As listed on this website, “DHS has a mission to protect the Nation’s cybersecurity and has organizations dedicated to collecting and reporting on cyber incidents, phishing, malware, and other vulnerabilities.” While incident collection and reporting is helpful, it is not sufficient incident response. As a result, SMBs that suffer cyberattack have limited ability to respond, and often remain vulnerable to follow on attack.
The House Energy and Commerce Committee markup for its portion of the budget reconciliation bill includes $10 billion for the deployment of a next-generation 9-1-1 system, another $80 million for a next-generation 9-1-1 cybersecurity center for the National Telecommunications and Information Administration (NTIA) which would be responsible for providing entities grants to make the upgrade from the current 9-1-1 systems to next generation 9-1-1 systems. The next generation 9-1-1 Cybersecurity Center would have responsibility for coordinating across state, local and regional governments to “share cybersecurity information, analyze cybersecurity threats, and to share guidelines and best practices for intrusions detection and prevention as is relates to next generation 9-1-1…[v]
Establish a “Cyber 911” capability
1. With these national resources already established and in once place, the NCC should establish a point of view advocating for a one-stop shop national “hotline”, or “Cyber 911.” The establishing of this hotline should be aggressively promoted through a national campaign like other national campaigns such as one the current one for vaccinations, forest fire prevention, smoking prevention.
2. Partner with CISA and/or the appropriate entity to assess the effectiveness of the current reporting model and explore the option of expanding the scope of support it can provide, focused more on incident response. If the information is limited, the NCC could offer to provide to keep the information current and relevant to SMBs for general information (initial contact).
3. Explore using the national call center capabilities such USA.gov[ii] and its national call center to function as the first level of response. This would expand and include the existing website for Ransomware.
With the successful implementation of “Cyber-911” number, SMBs will have the ability to respond to serious cyber-attacks more effectively. The NCC along with other not-for-profits can provide Cyber 9-1-1 information as SMBs develop their incident response plans to have the number included for the “one call” vs having to search through the current website, fill out the form and wait for a response back. This number would work like a cyber “air traffic controller” supporting the impacted SMB and helping to leverage local, state, and/or federal resources in a timely manner.
The National Cybersecurity Center has already begun piloting this type of hotline and support center through the Colorado Cyber Resource Center (CCRC). While focused primarily on supporting local jurisdictions in Colorado, the model is similar to what could be possible at a national level. The CCRC has a hotline that jurisdictions can call if they get into trouble and don’t know who to reach out to; the CCRC will then connect those jurisdictions with the incident response resources in the state. Additionally, the CCRC hosts webinars, tabletop exercises and guidance on building cybersecurity programs that work for different sizes of jurisdictions.
[iii] Stop Ransomware | CISA
[vi] Call Us | USAGov
Get in Touch with the National Cybersecurity Center
About the National Cybersecurity Center
The National Cybersecurity Center (NCC) is a non-profit organization established for cyber innovation and awareness. Established in 2016 from the vision of United States Senator from Colorado John Hickenlooper, in coordination with several people from the University of Colorado Colorado Springs (UCCS) and the community, the NCC serves both public and private organizations and individuals through training, education and research. Discover NCC at cyber-center.org.