Cybersecurity

An array of computer screens monitoring device performance

Overview

MARC helped facilitate the creation of a regional cybersecurity strategic framework to strengthen the capacity of local governments to address cybersecurity threats in a coordinated effort. 

Created by the Regional Homeland Security Coordinating Committee (RHSCC) leadership and a planning team of city and county leaders, IT professionals, emergency managers and cybersecurity experts, the Regional Cybersecurity Strategic Framework:

  • Created a leadership group to build capacity and provide sustainable commitment.
  • Established a regional vision, values and principles to guide steps for improving cybersecurity protection in the region.
  • Identified key components of a Phase 1 cybersecurity work plan.
  • Offered short-term funding strategies for consideration.

The framework also outlines the following six targeted actions that MARC and the region could implement to achieve the shared vision of reducing cybersecurity threats.

  1. Identify and establish best practices for cybersecurity planning
  2. Design and implement regional communication strategies
  3. Create collaborative training opportunities to build a high quality workforce
  4. Create a shared services model to support local governments
  5. Improve redundancy and resilience through mutual aid networks and shared services
  6. Establish a sustainable funding source to support regional response to cyber threats

Cybersecurity Standards

After extensive review of options for a baseline set of cybersecurity standards, the regional cybersecurity leadership group recommended the Center for Internet Security (CIS) Controls as a model set of standards for local governments across the Greater Kansas City region.

CIS, a nonprofit organization, provides free or low-cost materials, webinars and training to local governments through MS-ISAC, the Multi-State Information Sharing and Analysis Center. CIS partners with the Department of Homeland Security and other nationally recognized organizations.

Studies show implementing just the basic CIS controls can stop 85 percent of common cybersecurity attacks. The standards provide a roadmap for local governments to start on the path to more advanced protection.

Individual and Regional Baselining

MARC facilitates individual local government and regional baselining with the Nationwide Cyber Security Review (NCSR), a no-cost, annual self-assessment tool used to assess the organization’s current cybersecurity status and measure progress from year to year.

The Regional Cybersecurity Task Force encourage every jurisdiction in the region to complete the NCSR yearly.

Local governments that complete the NCSR will receive a “report card” to help them prioritize short-term and longer-term actions. They will also receive a comparison to peers across the region and the nation (anonymously aggregated data).

Detailed instructions for completing the assessment are available in the NCSR user guide.

False