Cyber Risk Management Scorecard for US Courts

Cybercriminals continue to attack enterprises and federal and state institutions by using sophisticated tools and adopting new breaching methods. Global cyberattacks increased by 32% in 2022, and it is estimated that the cost of cybercrime will grow to US$10.5 trillion by 2025. Within a few months, 4 US courts (Philadelphia[1], Denver[2], Kansas[3], Atlanta[4]) have experienced denial of service cyber attacks to sophisticated foreign ransomware attacks resulting in severe outages for over a month. Cybercriminals threatened to post sensitive court data on the dark web, causing a big disruption in the judicial process. Millions of dollars were paid to Russian state actors as a ransomware to avoid interference in delivering justice at the local and state courts. Because of the ransomware and data theft risks across US courts, the Conference of Chief Justices and the Conference of State Court Administrators have come out with Resolution 2 in support of increased cybersecurity practices in court[5].

Courts with weak cybersecurity practices are at greater risk due to the evolution of malware campaigns, brute force attacks, and vulnerability exploitation. The higher adoption of electronic data exchange by judiciary proceedings after the COVID-19 pandemic has already increased the risk. Therefore, they need a strategic scorecard to proactively safeguard their assets from unforeseen threats. A cyber risk management scorecard tool proposed below will come to their rescue.

Scorecard Methodology

The following 12 categories relevant to courthouse cybersecurity have been assigned a “weighted value” based on criticality, ease of implementation, and overall impact. Each courthouse can revise these categories based on their requirements and technical maturity. The “score” value can vary from 0 to 100. The Courthouse cybersecurity team should assess the score based on the current implementation of each category. The final score (Courthouse Cybersecurity Score) will be determined by multiplying the “Weighted Value (W)” for each category with the score (S) for the respective category and subsequently summing the value for all categories.

Recommendation

• Assign a CISO (Chief Information Security Officer). CISOs are the guardians of the courtroom’s information and data security policy and are accountable for defending it against any potential threats.  
• Build a cross-functional team among the courthouse staff:  Representation from different teams across the courthouse (Judge, Jury, District Attorney, Public Defenders, Clerk, Marshall etc) will expedite faster implementation of policies. 
• Procure cyber insurance: It helps pay for any financial losses they may incur in the event of a cyberattack or data breach.
• Include cyber security Training/Enablement: As Cyberattackers use advanced hacking technology and new attack methods (social phishing, voice phishing, malware, etc.), court staff should continuously learn new ways to be aware of cyber attacks and protect assets. The training must be part of the staff learning day.
• Create and Implement cybersecurity policy: A documented policy for each court (Supreme, Court of Appeals, Superior, State, Juvenile, Probate, Magistrate, and Municipal etc) recommending best practices to protect the assets, including multi-factor authentication (MFA), password rules, mobile device management, data retention, business continuity etc, is extremely critical. CISO must own this policy document.
• Collaborate with third-party security experts: A periodic interaction with third-party independent cybersecurity experts is recommended annually or semi-annually. They can run annual assessments and penetration tests across the courthouse to proactively detect vulnerabilities and provide industry best practices to learn from other agencies and industries. 
• Implement a SOC (Security Operation Center): SOC must be enabled for critical courthouses to monitor, respond, and resolve threats 24*7
• Artificial Intelligence (AI) to identify patterns and expedite resolution: Leverage AI models to proactively identify new threats and take corrective actions before damage is caused.

To summarize, there has been an increase in the number of cyber-attacks on the judicial branch at all levels, from the appellate courts to local municipal courts, resulting in many high-profile court disruptions. As the third co-equal branch of government, the judicial branch must protect the integrity of its records and services to preserve the public’s trust and confidence by implementing a risk management scorecard and assessing cyber risks.

References – 

1. https://apnews.com/article/cyberattack-pennsylvania-courts-hackers-cybersecurity-187de27a9d4eab485b56a65e869bf298

2. https://www.denverpost.com/2024/02/12/colorado-public-defenders-office-cyberattack-ransomware-malware/

3. https://apnews.com/article/kansas-courts-cyberattack-hack-network-offline-097a11cfa9de552ec5a9ea49b500d3d6

4. https://apnews.com/article/fulton-county-cyberattack-ransom-e05035da4ceea50e7683d6fc4df2c473

5. https://www.ncsc.org/__data/assets/pdf_file/0030/86835/NCSC-Final-Cyber-Report-Dec-2022.pdf

6. https://docs.tbpr.org/pub/logicforce_cybersecurityscorecard_q42019.pdf

7. https://www.justice.gov/opa/pr/justice-department-conducts-court-authorized-disruption-botnet-controlled-russian