In March 2018, the city of Atlanta fell victim to a ransomware attack that shut down its computer network. City agencies were unable to collect payment. Police departments had to handwrite reports. Years of data disappeared.
The attack also brought cybersecurity to the local level. It’s easy to think of it as a problem the federal government must address or something that enterprises deal with, but cybersecurity has to be addressed closer to home, as well.
I spoke to A.N. Ananth, CEO of EventTracker, a Netsurion company, about this at Black Hat USA 2018. His company supplies a co-managed SIEM service to mid-sized and large enterprises, including local government agencies.
EventTracker has a bird’s eye view; its unified security information and event management (SIEM) platform includes – behavior analytics, threat detection and response, honeynet deception, intrusion detection and vulnerability assessment – all of which are coupled with their SOC for a co-managed solution. For a drill down on our discussion, give the accompanying podcast a listen. Here are key takeaways:
Security of local and state government agencies takes on a higher level of urgency as we get closer to the midterm elections.
“State and local governments are not immune to the digital transformation so their dependence on IT is as high as it’s ever been,” says Ananth. “Consequently, the security of these kinds of systems has become paramount.”
If all politics are local, elections are even more so. According to the National Conference of State Legislatures, security for elections is in the hands of local election administrators, overseen by the state’s chief election official, but protection has been lacking.
During 2016, 39 states were hacked. At least one state saw an attempt to delete voter rolls; other states discovered their election websites were hacked. How well are state and local governments equipped to handle the huge security responsibilities, not only with elections but throughout their agency infrastructure?
Let’s look at what happened in Atlanta again. As Ananth explained, the city did two things right: they had cyber insurance and they didn’t pay the ransom. However, he adds, the attack “has cost upwards of $19-20 million and untold amounts of misery in restoring the digital systems and services for the citizens, and frankly, this was a very small attack in the grand scheme of things.”
State and local governments are easy targets for cybercriminals because though computerization has taken place in state and local, the rise in security has not been quite that quick. This makes government networks even more vulnerable and hackers see them as a gold mine.
“Attackers are profit minded,” says Ananth. “They are going to attack wherever they can because they can make a buck off it. If they can do that by stealing personally identifiable information or any of the other valuable things from a government institution, whether it’s a library or a court system, they’ll do just that.”
Every type of attack on a government entity will have an impact, of course, but with the midterm election looming, there is a lot of concern about whether or not local and state governments will be able to prevent election tampering. Officials know this is an issue, Ananth says, but directives are vague. While there are some clear security steps to follow, there are also a lot of generic platitudes – be safe, be right – that are very hard to follow. “There’s a degree of bewilderment on the part of those tasked with this,” he says.
But there is also a sense of determination to not let hackers mess with our elections. No one wants to see the elections hacked, so they are determined to make sure it doesn’t happen. Except, asks Ananth, what specifically can be done to prevent a possible hack? There doesn’t seem to be a solid answer for that.
And then there is the issue of money. Who will cover the cost of securing an election? Will there be federal funding, will states pick up the bill or will costs trickle down to individual communities?
Finally, state and local governments don’t have the resources the federal government does. The FBI and intelligence agencies have capabilities to determine who the bad actors are, what they are doing and how to retaliate. It’s an authority that states don’t have.
For security vendors, Ananth says, securing election systems isn’t overly complicated. Election systems are composed of the same components as any other system, and there is nothing specific that needs to be added to protect them. What’s lacking, he says, is the connection between the people who are tasked to secure the system and the people who actually know how to do it. Government procurement rules make it difficult for those who know to get involved.
“Vendors are citizens just like anyone else,” he says, “and they’d be very interested to participate if they are given the chance.”
Last Watchdog’s Sue Poremba contributed to this article.
(Editor’s note: LW has supplied consulting services to EventTracker.)
*** This is a Security Bloggers Network syndicated blog from The Last Watchdog authored by bacohido. Read the original post at: https://www.lastwatchdog.com/my-take-poorly-protected-local-government-networks-cast-shadow-on-midterm-elections/