Gov’t invests $7.6M to tighten cybersecurity systems at public agencies
The government of Puerto Rico announced a $7.6 million investment to strengthen cybersecurity measures at public agencies with the Multi-State Information Sharing Analysis Center (MS-ISAC), a component of the Center for Internet Security (CIS), the entity designated by the US Department of Homeland Security for the prevention and management of cyber threats for state and territory governments.
Homeland Security and the Cybersecurity and Infrastructure Security Agency are the federal agencies that handle the US government’s cybersecurity and critical infrastructure issues. Through an agreement, those agencies delegated the responsibility for cybersecurity of local and territorial governments to the CIS.
The agreement provides Endpoint Detection and Response services in partnership with Crowdstrike, a provider of this type of service.
“It will also help minimize or prevent the impact of any phishing/ransomware type cyber-attack that the government of Puerto Rico may experience, since we will have a 24/7/365 monitoring service by the MS-ISAC’s Security Operations Center in New York,” said Nannette Martínez-Ortiz, interim executive director of the Puerto Rico Innovation and Technology Services (PRITS).
PRITS has launched a series of initiatives aimed at strengthening government agency computer systems to transform the way in which services are offered to citizens and promote the prevention and protection of cyber threats, she said.
PRITS-led cybersecurity efforts include the Cybersecurity Policy that sets standards and guidelines for employees.
Likewise, SIEM, EDR, Identity Protection, and Firewalls Monitoring were implemented to centralize security alerts from government agencies and to monitor and protect the interagency network, user accounts and their respective devices.
In relation to the incident response system, a reporting process was implemented in the PRITS incident management system, where agencies must report all incidents more efficiently.
The guide to report security incidents was created and as part of the incident response process, a cybersecurity company was hired to provide support in the mitigation and recovery of any cyber-attack that any government agency may experience.
Among the several cybersecurity efforts are collaborative agreements between PRITS and federal agencies such as the Cybersecurity & Infrastructure Security Agency and the Federal Bureau of Investigation, as well as the Multi-State Information Sharing & Analysis Center.
Also, under the efforts of PRITS Academy, cybersecurity training has been offered to agencies, together with the Cybersecurity and Infrastructure Security Agency.
Security in existing cloud products has been strengthened, security products in agencies have been better configured, and better cybersecurity components from Microsoft have been included as government agencies use their cloud licenses and services.
This announcement comes several weeks after the government reestablished the AutoExpreso website — which operates the island’s automated toll payment system — that was down earlier this year following a massive cyber-attack.