Courts like many organizations are increasingly targeted by cyberattacks due to their role in handling vast amounts of sensitive information and the handling of high-profile cases.
These attacks have become more sophisticated, ranging from ransomware to advanced data theft schemes, putting courts and those they serve at significant risk.
The National Center for State Courts (NCSC) is dedicated to enhancing courts' cybersecurity resilience. With its extensive expertise in court operations, case management systems, and technology infrastructure, the NCSC offers valuable insights into the unique cybersecurity challenges faced by the judiciary.
NCSC offers a range of services to help courts strengthen their cybersecurity posture. These services include assistance in developing comprehensive cybersecurity programs, establishing robust policy frameworks, and conducting initial IT Risk Assessments.
For more information or assistance, please contact cyber@ncsc.org.
IT Risk Assessment
Is your court ready to strengthen its cybersecurity defenses?
The NCSC offers a comprehensive initial IT Risk Assessment designed specifically for courts, helping you prepare for a formal certified cybersecurity assessment.
Our IT Risk Assessment thoroughly evaluates your court's current technology environment, including infrastructure, endpoints, staffing, and software. We also assess your court's existing policies, planning, monitoring practices, training programs, data security systems, and maintenance procedures.
Upon completion, your court will receive a detailed report that categorizes your cybersecurity posture based on NIST's five core functions: Identify (ID), Protect (PR), Detect (DE), Respond (RE), and Recover (RC). The report will also provide targeted recommendations for addressing any identified risks and vulnerabilities.
For more information, please contact cyber@ncsc.org.
Cybersecurity on a Shoestring Budget
December 12, 2022
In this webinar, a panel of Court Information Technology Officer Consortium (CITOC) representatives review the Center for Internet Security (CIS) Critical Security Controls and the minimum standard of information security required for all enterprises. The CIS Controls are a prescriptive, prioritized, and simplified set of best practices that courts can use to strengthen their cybersecurity posture. Attendees also learn about free and low-cost resources available to bolster IT security.
What to Expect from the Industry, and What the Industry Expects from You
November 14, 2022
Are courts confident that their solution providers are meeting the terms of their agreements? Are standards and templates available to ensure compliance?
In this Joint Technology Committee (JTC) Cyber-Monday webinar, industry experts will provide insights into how courts can assess whether their solution providers are fulfilling contractual obligations. The session covers essential standards and templates to help courts evaluate provider performance effectively. Additionally, the webinar addresses what solution providers expect from their court clients to ensure a successful partnership
Communication and Managing Expectations During a Cyber-Attack
October 17, 2022
Imagine starting your workday only to find that your email is not syncing, and you cannot access any internal files. The IT team informs you that a cyber-attack has occurred, and now, it is your responsibility to inform both your staff and the community.
Members of the Joint Technology Committee (JTC) share how to effectively communicate and manage expectations during a cyber-attack. Our expert presenters outline the roles of the Public Information Officer and Chief Technology Officer and offer practical tips for effectively communicating key messages to both internal and external audiences.
My Court's Been Hacked! Now What?
September 12, 2022
Join an expert-led webinar featuring specialists from Arizona, CISA, and NCSC as they detail essential cybersecurity services tailored for courts. Learn practical strategies to enhance your court’s resilience against ransomware attacks, ensuring swift recovery and uninterrupted operations. Discover actionable steps to protect your court system and maintain its functionality, even in the face of cyber threats.
What's in Your Cyber COOP?
May 23, 2022
In court leadership, “continuity of operations planning” (COOP) is essential for disaster preparedness and recovery. Ensuring continuous operations is crucial for public perception and ongoing accessibility, especially as technology plays a growing role in court functions.
While traditional COOP plans often address natural disasters, courthouse violence, and utility interruptions, they frequently overlook cybersecurity. This webinar provides expert guidance on developing a robust cyber-COOP, explores policy implications for the judicial branch, and explains how the NACM Core Framework supports effective continuity strategies.
Watch this webinar to learn how to strengthen your court’s resilience against cyber threats and ensure operational continuity.
Cyber Insurance – Should You Pay the Ransom?
April 25, 2022
Join members of the Court Information Technology Officers Consortium (CITOC) and risk management leaders from both government and private sectors as they explore the intricacies of cyber insurance.
The panel of experts explores the advantages and disadvantages of cyber insurance for court managers and considers the broader questions on: "What is cyber insurance?", "How does it work?", "What does cyber insurance cover?", and "Is cyber insurance worth the investment?".
This webinar provides a clear understanding of how cyber insurance can protect your court from cyber threats. Learn from experts as they delve into the details and answer questions on this vital topic.
An Overview of the JTC’s Cybersecurity Basics for Courts
March 28, 2022
This webinar reviews the JTC Resource Bulletin on Cybersecurity Basics for Courts. It covers topics such as incident prevention, assembling and managing an Incident Response Team, and creating a cybersecurity action plan. Panelists also discuss the Center for Internet Security and its Multi-State Information Sharing and Analysis Center (MS-ISAC). The mission of MS-ISAC is to improve the overall cybersecurity posture of state, local, tribal, and territorial governments by focusing on cyber threat prevention, protection, response, and recovery.
Tales from the Cyber-Frontlines - Lessons from Lived Experiences
February 28, 2022
State courts must take proactive steps to address and prepare for the threat of cyberattacks. Acknowledging the serious risks posed by cyber threats, the CCJ-COSCA recently adopted Resolution 2, which outlines specific actions courts should take to manage cybersecurity risks. This Cyber Monday webinar reviews the resolution and features insights from court leaders in Texas and Alaska who have experienced cyberattacks firsthand.
Cybersecurity in the Courts
Report | December 2022
NCSC through a grant from SJI has concluded a project to take a more in-depth look at Cybersecurity in the Courts. This report describes this project and results that compares cybersecurity surveys conducted in 2017 and 2021 as well as some general insights gleaned from on-site cybersecurity assessments conducted as part of this project.
Cybersecurity Basics for Courts
Resource Paper | September 2021
Cybersecurity threats are a reality for all organizations, public and private. In spite of good prevention efforts, every court will almost certainly face a cybersecurity incident including data breach or cyberattack. This Joint Technology Committee (JTC) resource paper provides a basic explanation of prevention techniques and the preparations necessary for court managers to respond quickly and effectively in the event of a cybersecurity incident. (Version 3.0, adopted September 2021)
CCJ/COSCA Resolution 2 in Support of Increased Cybersecurity Practices in State Courts
Resolution | December 2021
The Conference of Chief Justices (CCJ) and Conference of State Court Administrators (COSCA) urge their members to take concrete action to address cybersecurity risks as identified in the COSCA/NACM Joint Technology Committee’s September 2021 publication entitled “Cybersecurity Basics for Courts.” The resolution was adopted as proposed by COSCA/NACM Joint Technology Committee at the COSCA 2021 Midyear Meeting and by the CCJ Board of Directors on December 22, 2021.
Actionable Cybersecurity For Courts
Report | May 2020
This resource outlines actionable cybersecurity measures that courts should adopt to protect information.
Prior to applying these standards, courts are advised to establish an information classification system or policy that categorizes all data in accordance with legal and state guidelines (e.g., public, administrative, confidential). This classification is crucial, as it ensures that cybersecurity measures are tailored to the specific needs of different types of information, particularly in distinguishing between confidential and public data.
Cybersecurity and Disaster Recovery Regional Workshops
Building resilience and capacity requires a blend of information, resources, planning, and preparation.
These workshops bring this blend together using a hybrid approach consisting first of an estimated 2 days of online education and training, approximately two to four weeks of information gathering and preparation, finally followed by a 1.5-day onsite event where additional education, training, and tabletop exercises conducted by NCSC, Center for Internet Security (CIS), National Emergency Management Association (NEMA), and other industry experts in the field.
Read about the regional workshop held in Sun Valley, Idaho, in September 2024.
(Individual registration is not offered for the workshops; each region decides its participants when the regional event is scheduled.)