TAGITM Monthly
 

TAGITM Forms Cybersecurity Committee


Following the August cybersecurity event that recently affected more than 20 Texas agencies, the TAGITM Board of Directors formed a cybersecurity committee to highlight the communication breakdown that occurred with the appropriate agencies and influence change to the communication process before the inevitable next event occurs. TAGITM Board President Scott Joyce named Beth Ann Unger as chair of the committee. Bernie Acre was named vice-chair. Beth Ann, Bernie and Scott reviewed the numerous qualified candidates and selected a working committee representative of cities, counties and utility districts of various sizes across the state.

Cybersecurity Committee Members

  • Beth Ann Unger, City of Frisco – Chair
  • Bernie Acre, City of Bryan – Vice-Chair
  • Don Bell, Smith County
  • Neil Cardwell, City of Forney
  • Eric Yancy, City of Irving
  • Kevin Joyner, Brazos County
  • Greg Givens, City of Frisco – Ad Hoc Member
  • Scott Smith, City of Bryan – Ad Hoc Member

The Cybersecurity Committee has met several times since its inception. Additionally, Beth Ann and Bernie have been in contact with senior representatives from Texas Department of Information Resources (DIR), Regional Coordinators with the Texas Department of Emergency Management (TDEM), Department of Homeland Security (DHS), Texas A&M Security Operations Center (SOC) and the TML Risk Pool. 

The goal of the TAGITM Board of Directors is multi-faceted. It includes a better understanding of what happened during the statewide cyber event and how communication was managed. The ultimate goal, however, is to influence change at the state level to improve statewide communications going forward.

The committee learned that DIR has been designated by the Governor as the lead for cybersecurity events affecting local government in the State of Texas.  DIR would then request resources from agencies such as DHS, Texas A&M SOC, MS-ISAC and TDEM as required. This was the first such event that exclusively affected Texas agencies and the first time the governor declared a cybersecurity event disaster. DIR acknowledged that as with any first event, there are always learning opportunities and communication is one area that requires improvement. 

Initial discussions have been promising, and they are asking for input from the Cybersecurity Committee. DIR Chief Information Security Officer Nancy Rainosek has agreed to schedule a follow-up meeting with the DIR cybersecurity leadership, the Texas Cybersecurity Council and TDEM leadership in Austin in the coming weeks to discuss opportunities to improve pre- and post-incident communications related to threats and resources available to local government during an event. The overall intent at this time is to discuss and reuse existing secure channels wherever possible.

The following mission statement was drafted by the committee and approved by the TAGITM Executive Board.

TAGITM Cybersecurity Committee Mission

The August 2019 ransomware event that affected 22 agencies in Texas brought to light the challenges with dissemination of information to local government in the event of a significant cybersecurity event/disaster affecting Texas agencies. In the aftermath of this event, the TAGITM Cybersecurity Committee’s mission is to make a concerted and coordinated effort to contact the agencies involved in managing such an event and work together to answer the following questions and help local government be better prepared to react and defend against such attacks in the future.

  • What constitutes a cybersecurity disaster?
  • What is the appropriate channel for early, accurate, and timely communication?
  • Who has jurisdiction over a cybersecurity disaster?
  • What is the incident response process and who is authorized to communicate?
  • How do we get the information required to help protect our agencies and prevent the incident from spreading further?

While we don't need to know specific actors or get information that would jeopardize the investigation, to the extent possible, we need to know the following. Note that local government IT is already required to complete CJIS background checks and training for CJIS certification.

  • Hash file/payload
  • Domain name(s)
  • IP address if known
  • Type of virus/variant
  • Vector of attack/how it came in

The committee will provide additional updates as they become available via future issues of the newsletter, email and/or the Listserv.

 
