May 13, 2020
In the September 17, 2019 edition of NCSC's Court Talk podcast, Charles Byers, the chief information officer for the Kentucky Court of Justice, talked about when, not if, a cyberattack would hit your court. The topic has recently come back to the fore due to a recent court ransomware attack.
Byers talked about two similar attacks that took place in his state, the first in which the courts did not have a response plan and the other in which they did. Byers further elaborated on his experience and the lessons learned at CTC 2019 where he gave a presentation entitled directly enough “How I Almost Lost My Job – The Importance of Having a Cybersecurity Response Plan” (video here, PowerPoint slides here). Among the steps he took
- Developing the Cybersecurity Response Plan and what each section of the plan looked like
- Taking a holistic view of security operations as a key part of court operations and not something "bolted on"
- Identification of the seven steps for a Security Incident Response
- Identification of the Roles and Teams associated with plan development and incident response
- How the plan actually worked when a cyberattack occurred in 2019 and lessons learned
Several NCSC publications have focused on this area of cybersecurity and cyberattacks:
- Joint Technology Committee Resource Bulletin Responding to a Cyberattack released in December 2019.
- Cybersecurity: Protecting Court Data Assets by Brian J. McLaughlin of the New Jersey Courts in the 2018 edition of Trends in Courts
- Beyond Buzzwords: Building an Information Security Foundation by Sajed Naseem & Brian J. McLaughlin of the New Jersey Courts in the 2019 edition of Trends in Courts
- NCSC's July 2019 report on Courts Emergency Management "Lessons Learned" and in particular Lesson 6-6: Prepare for a Technology-Specific Disaster