Concord Monitor Highlights How New Hampshire’s New Cybersecurity Coordinator Can Help Protect Local and Private Entities from Cyberattacks
WASHINGTON – In case you missed it, U.S. Senator Maggie Hassan created a federally funded cybersecurity coordinator position in all 50 states earlier this year in an effort to help federal, state, and local governments, as well as schools, hospitals, and other entities, coordinate and better protect their systems against cyberattacks.
Concord Monitor’s David Brooks recently spoke with New Hampshire’s new cybersecurity coordinator, Rick Rossi, to discuss how his role will help New Hampshire defend their systems from cyberattacks, including ransomware. Senator Hassan met with Mr. Rossi earlier this month.
Click here or see below for highlights in the Concord Monitor:
Let’s say you live in Canterbury and get an email from “firstname.lastname@example.org” warning that your car registration is about to be revoked for nonpayment, and letting you know the town’s convenient online payment system is available. Just click through and use your credit card!
Whether or not you fall for this scam, you almost certainly won’t spot the tell-tale error in the address. The town’s website and email actually end in “canterbury-nh.org,” with a hyphen.
Scammers have long made use of almost-correct email addresses like that to make people think they’re dealing with a reputable source. Most recently, this is how scammers got Peterborough town hall to send them more than $2 million that should have gone to contractors.
If you live in Concord, however, you don’t need to worry about a similar scam from “email@example.com” rather than the true “concordnh.gov” for a surprising reason: Those last three letters.
Why? Here’s an explanation from the state’s new cybersecurity coordinator, a position recently created through legislation crafted by U.S. Sen. Maggie Hassan.
“One of the things we’re doing is transitioning municipalities to ‘dot gov’ for top-level domain,” said Rossi. “With dot-gov … you know it’s not a malicious actor who has registered a domain.”
[…] Rossi is part of the Cybersecurity and Infrastructure Security Agency under the U.S. Department of Homeland Security. The creation of a CISA coordinator for every state, rather than just for each region, is part of expanding efforts to keep governments and private industry from falling prey to ever-increasing online threats.
As a part of the expansion, Rossi said, CISA is offering dot-gov registration to New Hampshire towns and cities for free.
CISA also offers training, including tabletop exercises, vulnerability scanning and phishing campaign assessments, and helps develop incident response plans if something does go wrong – all at no cost. His advice and expertise is available from the biggest firms to tiniest offices.
“Bad actors are not just looking for big fish,” Rossi said.
“A big part of my job is getting out there and ensuring that smaller local governments, smaller private sector players, are prepared. Places where employees that don’t know a whole lot; their day job is town clerk, finance administrator, and they’re not trained in IT security,” he said. “We’ll get an email saying: ‘We have no idea what we’re doing! we have five computers, don’t know how to connect them, just had phishing emails – please help us!’”
The Internet of Things, which greatly increases the number of connections to a network and therefore possible points of entry, is complicating matters, Rossi noted, adding: “When 5G becomes a reality, we’re going to have even more of them.”
“By acting as a link between the federal government and state, local, and private entities, Mr. Rossi’s coordination and expertise will help strengthen our state’s cybersecurity,” Hassan said after meeting with Rossi.
Rossi’s advice and guidance is available for free to any institution in New Hampshire. Just send me him a note at firstname.lastname@example.org or email@example.com – and yes, the address do end in dot-gov.