Analyzing the Baltimore City Ransomware Attack Through the NIST Cybersecurity Framework Core
The May, 2019 ransomware attack on Baltimore City government servers has garnered a lot of coverage and criticism in the press. But the City is not alone in struggling to grapple with the ever-present threat of ransomware and more generally, cybersecurity risk. Whether we run a business, a non-profit, an educational institution or a government agency, we can all learn from the City’s experiences. And whereas ransomware attacks on private companies usually go unreported, press coverage of the Baltimore City attack ensures that we have a factual basis on which to build an analysis.
My latest full-length blog, published as a guest post on the University of Maryland Center for Health & Homeland Security (CHHS) website, analyzes the City’s response to the attack through the lens of the NIST Cybersecurity Framework Core. Specifically, I break down the City’s successes and failures using the Framework Core’s five functions: Identify, Protect, Detect, Respond, and Recover. These functions were designed by NIST to help organizations express management of cybersecurity risk by organizing information, enabling risk management decisions, addressing threats, and improving by learning from previous activities.