One of the youngest federal agencies is expanding to Spokane in an effort to help local governments and businesses in Eastern Washington and North Idaho protect themselves from physical and cyberattacks.
The first challenge: letting people know it exists.
The Cybersecurity and Infrastructure Agency was established under the Department of Homeland Security in 2018 amid growing concern over the threat of cyberattacks and election security. The agency has had Seattle-based staff for several years, but an increased request for services in the Inland Northwest prompted the agency to hire a Spokane-based team, who set up shop in the area in late January.
The new Spokane team is composed of Steve Neal, who handles physical security, and Dan Brown, who focuses on cybersecurity. In their first weeks on the job, the team members say they've been focused on meeting with local entities, building relationships, and letting people know they're here and want to help.
CISA works with a variety of entities, including state, local and tribal governments, schools, water facilities, energy providers and the health care sector.
The main service they offer is consultations. On the physical security side of things, those consultations involve an in-person visit from Neal, who will look around the facility for weaknesses a bad actor might try to exploit. On the cyber side of things, Brown will look for vulnerabilities with tools like network scans and fake phishing campaigns.
[email protected]
The security analysts aren't able to talk about specific partnerships or security incidents involving local entities, but it's clear that the threats facing local governments and businesses are very real. Last fall, hackers crippled Whitworth University's computer network and held student data hostage. In 2021, computer science students at Eastern Washington University narrowly prevented a Russian cyberattack on the city of Spokane Valley. A recent string of unexplained attacks on power stations across the Pacific Northwest has also underscored the physical threats facing infrastructure.
Despite the threats, Ian Moore, who works for the agency as the state's cybersecurity coordinator, says many entities don't invest in security until it's too late. Whenever he sees a story about a ransomware attack on the news, Moore says his first reaction is often: "They should have called us."
CISA isn't a regulatory or law enforcement agency. The consultations are free, and the agency's work with local governments and businesses is done on a voluntary basis. But CISA is small and still relatively unknown. Entities don't always know about the agency, or are worried about sharing private information, regulatory scrutiny or spending money on security upgrades.
Neal stresses that the agency isn't out to get people in trouble for not having proper security measures in place. The information gathered during consultations is protected from public disclosure requests and isn't releasable to regulatory agencies, Neal says.
Neal and Brown hope establishing a presence in the Inland Northwest will improve communication and relationships across various sectors. Brown says local school districts have been an especially strong focus. Especially in rural areas, schools often lack the funding for dedicated cybersecurity staff. It's a role Brown hopes his work with CISA can help fill.
"It's not just the big entities, the Googles and the Apples, that have to worry about cyber stuff. It's everybody," Brown says. ♦
