Todd Nacapuy, chief of the state Office of Enterprise Technology Services, said he does not know if that is an unusually large number of probes for a state system, but “it is a lot.”
“It’s just automated tools hitting us,” Nacapuy said, with hackers switching their approaches regularly to search for new ways to gain access to state data. “The game changes. It constantly changes.”
A spokesman for the Office of Enterprise Technology Services said the average number of blocked probes is 30 million to 40 million per day. Nacapuy said the number of probes has increased since last year.
State information technology officials declined to say what data if any has leaked from the state system, but Nacapuy told members of the House Finance Committee this week he is willing to provide a closed-door briefing to them on the subject.
“Obviously there’s a lot of this information that is very sensitive that we don’t want to be discussing in a public arena,” he told lawmakers. The state knows where many of the attacks originated, but Nacapuy also declined to discuss that publicly.
In some cases the attacks may involve efforts to overwhelm systems with bogus traffic, or may amount to no more than scans of portions of the state system to look for vulnerabilities, he said.
“They are always developing, so we’re always trying to defend ourselves against different types of attacks,” Nacapuy said.
Vincent Hoang, who is the state’s first chief information security officer, said automation has allowed the volume of the attacks to grow.
“You know the term ‘arms race’? We’re the defenders and we need to tool up because the attackers are tooling up themselves,” he said.
Nacapuy said the state has not had its firewall breached since he started in 2015, but most attacks are launched through malware that may be downloaded from corrupted websites, or can enter systems through thumb drives or other infected equipment.
“Malware” or malicious software is the main “threat vector” at the moment throughout the industry and the nation, he said.
The state for the first time last fall conducted a Persistent Adversary Detection Service (PADS) assessment and scan, which is an examination of computer systems for signs of advanced implants that are not generally detected by ordinary anti-virus or intrusion- detection technologies, Nacapuy said. However, he also declined to discuss the PADS findings publicly.
—-
Hacking threat
>> Average number of probes: 30 million to 40 million per day
>> Types of activity: malware, ransomware, denial-of-service
>> Potentially sensitive data prevented from leaving state systems: 10 times daily
Source: Hawaii Office of Enterprise Technology Services
©2017 The Honolulu Star-Advertiser Distributed by Tribune Content Agency, LLC.
