Government gets onboard with cybersecurity tools

Cybersecurity is a growing issue for local governments as they struggle to stay ahead of an ever-changing threat environment. In fact, Oakland County’s Deputy County Executive and CIO Phil Bertolini says cybersecurity is Oakland County’s number-one priority.

“We stress that every government agency, regardless of size, take cybersecurity seriously. It’s no longer about if it will happen, but when it will occur.” 

To help combat security threats, five Michigan counties (Oakland, Wayne, Washtenaw, Livingston and Monroe) and the State of Michigan have joined forces to create a free Information Technology security assessment tool designed to help small and mid-sized government agencies assess, understand and prioritize their basic IT security needs.
Cyber Security Assessment For Everyone (CySAFE) is based on three popular IT security frameworks:

•  SANS 20 Critical Controls
•  ISO (International Organization for Standardization) 27000
•  NIST (National Institute of Standards and Technology)

CySAFE combined the 379 controls from all three frameworks into one condensed list, removing redundant controls and assessing the controls against the government agency’s current IT security capabilities. From this information, a master list of 36 key controls was created. These controls were evaluated in terms of cost to implement, time to implement and risk — and were assigned a number based on each key factor. IT specialists from the six participating Michigan government agencies completed the evaluation.

According to one of these IT specialists, Oakland County Chief Information Security Officer Chris Burrows, “Our goal is to help governments understand what protection measures need to be taken, and when — all while minimizing time, cost and risk.”

The CySAFE tool creates a priority list to indicate which controls need to be in place immediately and in the future for the 40 counties that are currently using it. 

Launched in September and downloaded in more than 40 states, “the tool was designed by government for government,” says Burrows. “We don’t push a specific product, but instead indicate which systems are needed for a secure environment.”

The entire process can be completed in 60 minutes, with a priority list and graphs detailing a specific government’s cybersecurity needs. And, best of all, it’s free, Burrows says.

The CySAFE tool can be downloaded at