Every day, attackers are targeting US small businesses, election offices, local government agencies, hospitals, and K–12 school systems, but most such organizations do not have the funding — or the dedicated resources — to defend themselves or even to know whether they are being attacked.
The US Cybersecurity and Infrastructure Security Agency (CISA) aims to help these “cyber poor” places both to shore up their defenses and respond more quickly to attacks, Jen Easterly, director of CISA, told attendees at the sixth annual Hack the Capitol event in McLean, Va. on May 10. While the agency continues to work with government, large companies, and technology vendors on improving security, CISA aims to see how much it can help smaller organization fend off cyber threats as well.
The goal is to understand their needs, what they need to be able to invest in security, and where CISA can help them defend their capabilities, Easterly said.
“How do we help a school district, can we help a small hospital, or help a water facility using … free services, using assessments, using things like our cyber hygiene, [and] vulnerability scanning?” she said. “Can we help them reduce threats? So we’re trying to spend a whole year doing this, and at the end of the year, we will see if we have been able to make any difference.”
The focus on smaller organizations acknowledges that often SMBs, local government agencies, and schools have been overlooked and not included in the push to create