The National Security Agency (NSA), charged with defending the security of the United States, oversees many cybersecurity efforts ranging from cyberespionage to cyber incident response. At the cutting edge of protecting our country in cyberspace, the NSA on its website says the following as part of its guidance to businesses:
"Cybersecurity metrics based on how fast an incident ticket is closed can be misleading. Responders may focus on closing the alert, as opposed to seeking a holistic understanding of the threat activity. Incident responders should be challenged to anticipate reactions that would be used against newly implemented countermeasures, as a persistent adversary may continue to probe for entry points into a network of interest. SOCs [Security Operations Centers] should always strive to preemptively defensive actions and infuse an innovative mentality amongst their teams in pursuit of new adversary tradecraft."
While a bit technical, this statement basically suggests that someone responsible for IT support can miss a lot of details about security incidents if they are not incentivized to be curious. Rather, they may be incentivized to close a ticket as fast as possible, leading to hasty diagnoses of incidents that overlook wider, deeper, or more holistic analyses of a problem.
When we start working with cities, it is common that we uncover bad habits that have made those cities less secure overall. Untrained staff, or even previous IT engineers and vendors, working too fast to solve issues often reveal that cities are trying to take shortcuts in three ways.
1. Underspending on information technology and helpdesk support.
Yes, responding quickly to an issue is desired and needed. But when the person(s) responsible for IT focuses on speed to close the ticket versus understanding the issue, there is a risk that the issue hasn’t been truly resolved. Without adequate time spent showing curiosity or looking deeper for a root cause, it’s likely the person is overwhelmed—increasing the risk of unresolved issues. Too few people handling too many incidents. A clear sign of IT underspending.
We see this underspending at many cities when one person stays crazily busy as the only person handling all IT incidents along with handling their other job responsibilities. Assigning IT support to someone seen as the “computer power user” at City Hall and the Police Department might seem cost-effective, but they are going to stay completely overwhelmed putting out fires and rarely have time to thoroughly analyze anything.
Cities need an IT helpdesk with the resources to do a more thorough analysis of IT issues and incidents.
2. Thinking as-needed IT support is a wise cost-cutting measure.
A common financial misperception with IT support is that paying only for “what you need” works better for a city. Nothing could be further from the truth. When you pay an hourly rate for “as needed” IT support, you will pressure engineers to solve your problems as quickly as possible. Otherwise, you will overly focus on time, not quality of work, and feel the engineers are wasting billable hours. IT vendors feel that pressure from you and may take shortcuts.
When you use fixed-cost IT support, the engineers are incentivized to find the root cause of your issues and prevent those issues from draining more of their time in the future. We tell our city customers that our team is motivated to fix issues completely the first time because it costs us—not the city—more when we must revisit an issue.
3. Using underqualified IT resources.
An underqualified IT resource can come in many flavors:
- Relying on a junior-level engineer as your one IT staff person to solve all issues.
- Using an offshore or entry-level staffed IT helpdesk full of inexperienced script readers who are bad at diagnosing problems.
- Hiring a local “repairperson” instead of an IT professional. Is a local IT person who also installs car stereos for a living going to know how to identify cyber threat activity at cities?
Underqualified resources are cheaper on paper but cost you a lot in the long run because they take longer to resolve issues, fail to properly diagnose issues, and get in over their heads quickly. And then there is simply the great risk of what they don’t know because they are untrained, inexperienced, or left behind by this fast-paced, increasingly complex technology world.
A helpdesk full of qualified resources includes engineers taking calls and working through tickets while managers oversee the engineers. These managers assess resolutions, look for patterns, and identify trends and issues with customers. A team.
Cost-cutting measures focused only on price will affect your city’s security as well as your operations. Cybersecurity has become a serious issue for cities. Not having the right IT support can open your city up to financial and legal liability from the effects of ransomware, viruses, and data breaches. The NSA is not kidding when they say you need an experienced helpdesk that is truly curious about getting to the root of your IT issues.