"We're learning to use paper and pen again," said Lt. Gordon McCraw, emergency management director with the county sheriff's department, who is helming the local response to the crisis.
Computer difficulties in various departments Wednesday morning alerted officials to a potential infection, with the county IT department quickly realizing systems had been hit with encrypting malware. All work stations and servers were subsequently disconnected to quarantine it, McCraw explained to Government Technology.
While it's not yet clear whether the attack is ransomware, it closely resembles the many incidents to strike state and local governments over the past year. A local report showed a county commissioner quoted as saying the infection is "apparently ransomware in nature" but said a ransom had not been posted.
The incident also takes place only a week after an Oregon city was hit with a similar cyberattack.
"Obviously, it's affected all county computers and unfortunately, since our phone system is VoIP [voice over Internet protocol], it's also taken the phone system offline. Right now, of course, we have interruption of the systems and services that would need a computer to complete. In the meantime, we are back to paper and pencil," McCraw said.
The county has hired a digital forensic team from Arete Advisors, a cybersecurity firm that specializes in incident response, to identify the source, nature and extent of the attack, he said. It isn't entirely clear how long it will take to get everything back up and running.
Tillamook, which is located in northwestern Oregon and has a population of some 25,000, has never suffered an incident of this kind before, he added.
"Obviously it's not something that the county has ever experienced, and I've not known any company or government agency personally that has dealt with this, so it's new to a great number of us," he said.
Officials' decision to outsource some response operations makes sense given that the county did not have a plan specifically drafted to address a cyberincident, though it did activate its incident response team — a "flexible" assortment of county leaders that can "grow as large as it needs to be or small as it can be to accomplish whatever" needs to be done in an emergency, McCraw explained.
In the meantime, Arete will be at the front of local response efforts, the emergency management director said, also expressing a desire to keep outside help limited and "not have too many cooks in the kitchen."
"We'll let the experts tell us what direction we need to go," he said. "Obviously we'll have a lot of lessons learned from this."
