Trustwave's 2024 Financial Services Threat Reports Highlight Alarming Trends in Insider Threats & Phishing-as-a-Service. Learn More
Get access to immediate incident response assistance.
Get access to immediate incident response assistance.
Trustwave's 2024 Financial Services Threat Reports Highlight Alarming Trends in Insider Threats & Phishing-as-a-Service. Learn More
Tribal governments are among the most underserved organizations in the US when it comes to cybersecurity preparation, with threat actors striking multiple tribes with a variety of cyberattacks.
These include the April 2021 ransomware attacks on the Three Affiliated Tribes—the Mandan, Hidatsa, and Arikara Nation management information system. Additional attacks have targeted tribe-operated casinos. No entity is safe from a cyberattack.
To help alleviate this issue, the 2023 Department of Homeland Security (DHS) has created the Tribal Cybersecurity Grant Program (TCGP), this $18.2 million is designed to distribute money to tribal authorities enabling them to boost the cybersecurity and resilience of tribally owned or operated information systems.
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Emergency Management Agency (FEMA) jointly manage the TCGP.
According to the CISA overview, “CISA will provide cybersecurity programmatic subject-matter expertise by defining goals and objectives, reviewing and approving cybersecurity plans to establish measures of effectiveness, and organizing Objective Review Panels to review and score applications. FEMA will provide administrative guidance through conducting eligibility reviews and issuing and administering the grant awards consistent with all applicable laws, regulations, and policies.”
“The TCGP funding has the ability to quickly boost a tribal government’s cybersecurity posture,” said Bill Rucker, President of Trustwave Government Solutions. “Just like any smaller community or organization, a myriad of high-priority targets operate on tribal lands in the US. These range from hospitals to local government and casinos, all needing to be secure.”
All 574 federally recognized tribal governments are eligible to apply. Tribes must submit a Cybersecurity Plan, Cybersecurity Planning Committee List, and Charter by January 10, 2024, before award funding is received. The application process can take up to four weeks to complete.
The TCGP is similar in concept to the State and Local Cybersecurity Grant Program, which is designed to accomplish the same mission with smaller municipalities across the US.
In their 2023 application, a tribal government must address how it will establish cyber governance and planning within its borders, specifically how the tribe will meet the following four objectives. Trustwave Government Solutions (TGS) is perfectly positioned to assist a tribal government to meet the four TCGP objectives.
TGS’s analyst-lauded cyber advisory services can help satisfy step one by covering all aspects of cybersecurity strategy, governance, risk, and compliance. TGS does not give advice and leave an organization but offers long-term support via services like virtual CISO and subscription services such as Managed Vendor Risk Assessment to plan and align our clients with their long-term cyber strategies.
TGS begins by listening to understand how to be the most effective for your security needs. Next, we interview key personnel, review policies and processes, and curate artifacts, including previous security assessments.
TGS then aggregates our industry threat and trends research and schedules workshops with your team to validate findings and help shape your target state. The result is a long-term pragmatic roadmap, including quick wins and financial justifications to help gain executive buy-in.
For step two, TGS knows managing a tribe’s locations, networks, and endpoints, securing data, and maintaining compliance can be challenging. Bad actors exploit vulnerabilities, while in-house security teams often struggle to identify the gaps and develop a roadmap for remediation or patching.
However, a consistent end-to-end cybersecurity testing program will help you pinpoint known and previously unknown vulnerabilities. TGS SpiderLabs Testing provides your team with clear remediation guidance so you can strengthen your security program and protect your organization and its data.
Trustwave SpiderLabs certified vulnerability, penetration testing, and scenario testing experts will also work with your team to understand your current security programs and patch processes. From there, we will develop a targeted testing program to achieve your testing objectives. After the testing process, we report our findings and work with you to develop actionable remediation plans to address gaps, implement patches, and mature your security operations.
TGS created a separate, US-Restricted Point of Delivery managed security service offering to accommodate the stringent security requirements associated with providing MSSP services to the Federal, State and Local, Tribal governments and defense industrial base (DIB).
This offering replicates the award-winning cloud-native Trustwave Fusion platform developed by Trustwave Holdings and modernized over the previous four years into an AWS GovCloud environment. TGS’ MSS solution leverages the same principles, processes, and procedures of our global managed security services but tailors them to the specific needs of US federal agencies that need additional security models built into the managed security solution.
Trustwave’s Consulting and Professional Services team and our Security Colony platform can develop customized or pre-prepared security awareness training specific to your environment. Annual compliance training, phishing awareness backed by phishing exercises, and deeply technical staff training are all possibilities.
The Trustwave SpiderLabs team has trained Federal and State Law Enforcement agencies in data collection, forensic analysis, point-of-sale system forensics, and advanced network intrusions for over 12 years. Courses are readily available to train Tribal Police and internal incident responders.
The TCGP allows multiple tribes to partner and apply as a tribal consortium. A tribal consortium should only submit one application for the group. The tier chosen for review of a grant application from the Tribal Consortium will be based on the highest populated tribe.
In the end, threat actors only look at a target to see if it’s vulnerable; attackers do not care if their activities cause harm to individuals or monetary loss. The TCGP is an excellent program that can greatly boost a tribal authority’s ability to raise its cybersecurity posture.
Let Trustwave Government Solutions help you become more secure.
Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.
Copyright © 2024 Trustwave Holdings, Inc. All rights reserved.