The U.S. Government Accountability Office (GAO) was asked to review federal efforts to provide ransomware prevention and response assistance to state, local, tribal, and territorial (SLTT) government organizations. The report found that most government entities are satisfied with the agencies’ prevention and response efforts, though many cited inconsistent communication during attacks as a problem. With this in mind, the GAO has suggested that federal agencies address cited issues and follow key practices for better collaboration.
The GAO reviewed agency documentation from eight federal agencies to identify efforts to help these governments address ransomware threats. The report looks into how federal agencies assist these organizations in protecting their assets against ransomware attacks and in responding to related incidents, organizations’ perspectives on ransomware assistance received from federal agencies, and the extent to which federal agencies addressed key practices for effective collaboration when assisting these organizations. The watchdog conducted the performance audit from January last year to September this year in line with generally accepted government auditing standards.
GAO interviewed officials from the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Secret Service, Department of Justice, Federal Emergency Management Agency (FEMA), Department of Commerce’s National Institute of Standards and Technology (NIST), National Guard Bureau, and the Department of the Treasury. It also talked to officials from government organizations receiving federal ransomware assistance who volunteered to share their perspectives. These officials represented governments from four states, eight localities, and one tribal nation.
GAO identified three federal agencies that provide direct ransomware