NASCIO 2024 Midyear: Security Officials Prioritize Third-Party Risk Management


Once the partner organization recovered from the attack, it sought access to state systems again. But it couldn’t immediately tell Hanks how the attack had succeeded. Not knowing if the problem could happen again, Montana declined to restore the organization’s access to state systems until the organization figured out how intruders got into its network. Eventually, “the organization discovered someone used a personal email to download malware, which infected their system,” Hanks said.

Yet another lesson to embrace: Develop an incident response plan, and tailor plans for each vendor. “If they have an incident, they must take these steps. And vice versa, if we have an incident, a partner must take these steps,” he said.

Agencies May Seek Certification from FedRAMP or StateRAMP

To manage risk associated with its vendor community, Montana would turn to the FedRAMP marketplace when appropriate, Hanks said. The state is now using StateRAMP, the young nonprofit that works for state and local government to ensure cloud service providers maintain strong cybersecurity measures.

Once, during a particularly complicated procurement, Montana officials turned to TX-RAMP, Texas’s…
