In view of many ransomware attacks on state and local governments, the Virginia General Assembly directed the Virginia Information Technologies Agency (VITA) to study the Commonwealth’s ransomware attack preparedness and to report back by the start of the 2021 General Assembly Session. Among other provisions, the enacted resolution provides that all agencies of the Commonwealth shall provide assistance to VITA for this study and that VITA shall assess the Commonwealth’s susceptibility to ransomware attacks at the state and local levels of government
The subjects of the study include the Commonwealth’s susceptibility to ransomware attacks at the state and local levels of government; current data encryption and backup strategies; tools to monitor unusual access requests, viruses, and network traffic; and recommendations on legislative or regulatory changes.
To understand and report on the current environment and needs in the Commonwealth, VITA has requested the assistance of local governments. The following survey developed by VITA is intended to inform the study and policymakers’ further responses to the ransomware threat. Responses to this survey can be submitted anonymously on behalf of any Virginia state or local governmental organization.
VITA estimates that responding to the survey would take someone knowledgeable about an organization’s cybersecurity approximately 30 minutes to complete. It includes 64 multiple-choice questions, as well as three open-ended questions asking what your organization’s biggest IT security challenge and top priority are and how the Commonwealth can help you.
VITA is asking for candor in your responses. Responses will be stored at VITA and accessible only to those working on the ransomware study and agency leaders overseeing that work. Information provided will be kept confidential in accordance with Virginia law. See Va. Code § 2.2-3705.2(2) & (14). Survey responses will be incorporated into the study report, or otherwise disclosed, only in an aggregate, summary, or anonymous way that does not identify or permit profiling of any individual respondents.
This survey will close on September 4, 2020. VITA kindly asks for responses by that date. If you want to edit previously submitted responses, or stop and restart responding, please see the attached instructions.
If you have questions about confidentiality and this survey, please write to VITA at foia@vita.virginia.gov, and VITA will get in touch with you promptly. If you have any other questions, or you would like to provide information not covered in this survey, please email CommonwealthSecurity@vita.virginia.gov, and VITA will be happy to get back to you. Please use “ATTN: Ransomware Committee” in the Subject line to assist with routing inquiries.
The survey can be accessed here. Thank you for your assistance.
As previously reported, VACo recently announced a partnership with the National Association of Counties (NACo) to strengthen local governments’ cybersecurity efforts. The NACo Cybersecurity Collaborative will provide Virginia’s counties with access to top tier technology security professionals, information, intelligence, best practices and other resources to prepare for, prevent and mitigate cybersecurity threats.
The NACo Cybersecurity Collaborative is a peer-based network that shares proven action plans to drive cyber readiness, implementation guides and comprehensive checklists. Members of the collaborative have access to customizable policies and procedures for governance controls and compliance, and the ability to connect with experts to ask real-time questions for guidance on real-time issues. Learn more here.
VACo Contacts: Jeremy R. Bennett and Karie Walker