When Stanton Gatewood, Georgia’s chief information security officer (CISO), started out in cybersecurity more than 30 years ago, co-workers thought of him and his peers as “the paranoid ones,” constantly warning about the risks of cyberattacks and system breaches.
This perception has changed a great deal. Cybersecurity events are ubiquitous in today’s news, and breaches are wide-ranging, affecting customer data at Target, the municipal website in Flint, Mich., and the servers of the Democratic National Committee during the presidential election. Cyberdefenders like Gatewood have gone from “the paranoid ones” to vital lines of defense, heavily relied on by private companies, nonprofit groups and, increasingly, governments.
“You can’t open the paper, you can’t go online, you can’t watch TV without hearing that some sort of cyberevent has taken place,” Gatewood said.
Georgia is currently investing heavily in defense, building a cyber and innovation training center aimed at enhancing its workforce, bolstering training and bringing representatives from all levels of government to practice on a cyber-range, where they can test defense skills and abilities.
And Georgia is not alone. Technologists in jurisdictions across the country say recent global cyberattacks are catalysts for policymakers and other officials to devote funds and resources to defense.
“I hate to gain on the pain of my peers,” said Mike Dent, CISO of Fairfax County, Va., in the Washington, D.C., metro area, “but the more people understand the threat, the more leadership will invest in it.”
Dent, whose jurisdiction has been lauded for cybersecurity work, emphasizes this is a complex and evolving battle, one requiring institutional awareness, vast collaboration, funding and changes in the way technology is manufactured.
So far, most state and local governments have avoided being victimized by large-scale hacks, but most face ransomware and phishing attempts on a near-daily basis. This is unlikely to stop, with experts saying instead that they expect threats to increase.
“Anytime you have a lot of data at rest, even if that data’s not immediately valuable at its face, that data is at risk,” said Timothy Blute, program director with the Homeland Security and Public Safety Division of the National Governors Association. “If you’ve got a lot of data, you’ve got a target on your back.”
Here’s a look at some of the biggest cyberevents of the past couple years, and their impacts on state and local government:*
WannaCry is the most infamous example of a worldwide ransomware attack. By targeting systems that ran Microsoft Windows, WannaCry encrypted data and demanded bitcoin cryptocurrency for its release. Launched on May 12, 2017, it infected more than 300,000 computers in roughly 150 countries but was quickly stemmed by a cybersecurity professional in England who found a kill switch. Another factor was that Microsoft had discovered the vulnerability months earlier, subsequently releasing patches. Users who had installed updates were not at risk.
Types of Data Breached: Any within Microsoft Windows.
Direct Impact to State and Local Governments: Many officials say WannaCry served as an excellent catalyst for working to guard against future large-scale ransomware events. Notable international victims included the United Kingdom’s National Health Service, as well as other health-care providers.
What They Say: “In an organization that may not have backups pre-ransomware, once something like this happens, they always seem to find the money in the budget afterward to go that route.” — Brian Calkin, Vice President of Operations, The Center for Internet Security
Petya exploits vulnerabilities in Microsoft Windows similar to those WannaCry used, and it also demands a ransom in bitcoins. Petya, however, has greater longevity. After officials thought they’d patched it, a variation dubbed NotPetya began posing a threat. Another difference is intent. WannaCry aspired to sheer financial gain, restoring encrypted data if demands were met. Petya seeks money while also sowing disruption through wide-scale system wipes, regardless of whether demands are met.
Types of Data Breached: Any within Microsoft Windows.
Method: Wiper disguised as ransomware.
Direct Impact to State and Local Governments: Although no major breaches have been reported domestically, Petya/NotPetya is ongoing. Widely believed to have originated in Ukraine through an update to an accounting program used by that country’s government, it has affected many systems there, most notably radiation monitoring at the Chernobyl Nuclear Power Plant.
What They Say: “I know state agencies are watching ransomware events because these techniques have a tendency to come back to life. We saw that with NotPetya.” — Timothy Blute, Program Director, National Governors Association Center for Best Practices’ Homeland Security & Public Safety Division.
Dallas Emergency Sirens Hack
One Saturday in April, all 156 emergency sirens throughout Dallas sounded more than a dozen times. Officials first attributed the incident to malfunction, later saying it resulted from a hack, albeit a unique one without computers. Unknown culprits likely activated the sirens by replicating a tonal code with a radio. Rocky Vaz, Dallas’ director for emergency management, said catching the culprits was nigh-impossible, while Mayor Mike Rawlings vowed to find and prosecute those responsible. No arrests have been made, and the city is working to safeguard the system from another hack.
Types of Data Breached: None.
Method: Replicating a tonal code with a radio.
Direct Impact to State and Local Governments: Officials in jurisdictions across the country say they paid attention to this incident. Dallas, for its part, is working with the Federal Emergency Management Agency on an evolved alert system to send messages to cellphones.
Russia and the 2016 Presidential Election
The U.S. intelligence community has concluded with confidence that Russian agents hacked the Democratic National Committee’s servers during the 2016 Presidential Election, also breaching Clinton campaign chairman John Podesta’s email account. Russian officials have denied involvement, and President Donald Trump has oscillated between downplaying the significance of the hack and blaming it on his predecessor, President Barack Obama. In the eyes of many, questions remain.
Types of Data Breached: Democratic National Committee servers and Clinton campaign chairman John Podesta’s email account.
Method: Private email and server hacks.
Direct Impact to State and Local Governments: Politics aside, local officials who administer elections are faced with questions about the integrity of U.S. election systems.
The past few years have seen a new trend in cyberattacks: news breaks — a water crisis, the passage of a bathroom bill related to transgender people, a police shooting — a government website is hacked and an activist group takes credit. Government technologists say this practice, known as hacktivism, has become their greatest exterior cybersecurity concern, as well it should be. To date, hacktivists have frozen government services, defaced websites and released sensitive data online.
Types of Data Breached: Varied, including emails between officials, website content and citizen data.
Method: Various, including email phishing, denial-of-service and doxing, or compiling and posting personal information about government officials online.
Note: At press time, news was breaking on the Equifax data breach, estimated to affect the personal information of 143 million Americans. While many government agencies use the service for identity verification, direct impacts on government remain unknown. Since then, further attacks on global consulting firm Deloitte and election-related sites of 21 states have also been reported.