Hacker themed films always tend to focus on threats against nation-wide organizations, such as army infrastructures, intelligence and counter-intelligence agencies, or even huge hydroelectric power plants whose failure threaten to flood thousands of square kilometres, affecting millions of people. Of course, in the end the unlikely hero saves the day and order is restored, at least until Hollywood feels in the mood for a sequel. But in the real world, although it’s true that a successful attack against nation-wide organizations or infrastructure would most likely have a terrible outcome, there are easier targets for malicious actors that can also have a great impact on the lives of those affected. These are Local Public Administrations (LPAs).
In an attempt to ease the lives of their citizens, many LPAs are providing more and more online services that are susceptible of being attacked by malicious users. Even without the threat of an external actor, the amount of citizen information that has been digitalized and is currently stored in any LPA’s premises is huge, and the risk of it being voluntarily or involuntarily mishandled is too great to be overlooked. Besides, a great percentage of the LPA’s employees are middle-aged people who don’t have neither the required expertise on cybersecurity awareness nor the means or time to acquire it by themselves. In many cases, not even the IT department itself is sure how to handle the increasing number of threats they have to face in an almost daily basis.
In order to address this issue, the COMPACT project (COmpetitive Methods to protect local Public Administration from Cybersecurity Threats) has been set up by a series of European technical partners and municipalities.
The COMPACT project tries to provide services to LPAs in four areas:
- Risk assessment: So that LPAs can evaluate the risk level they are currently facing, and which are the most critical issues that have to be addressed in order to improve it.
- Education services: By providing a novel gamified approach to education services, COMPACT attempts to overcome LPA employees’ reluctance to cybersecurity training.
- Monitoring services: A specific set of tools is provided to LPAs in order to more easily monitor what is happening within their infrastructure, allowing them to detect and react in the face of threats.
- Knowledge sharing services: Because LPAs are not completely independent of each other, it’s important that they can communicate between them in order to react to ongoing threats. Besides, national or European level entities can also provide guidance and support for LPAs, in the form of best practices or more advanced cybersecurity related knowledge.
By the end of April, the COMPACT project will be ending its first year, meaning the end of the design phase and starting implementation of the different services that in the end will be provided to LPAs.
S21sec, as a cybersecurity services provider with more than 15 years of expertise in the field of LPA protection, takes part in this initiative by providing advanced monitoring tools that allow LPAs to detect malware infections in their infrastructures. By using S21sec’s malware detection platform, which allows the analysis of thousands of samples every day, and with the knowledge of the malware experts behind this service, LPAs can rest assured that their infrastructure will not be impacted.
More information can be found on the COMPACT project website: https://www.compact-project.eu