What the Texas Ransomware Attacks Say About Government Cybersecurity

Lena Eisenstein
Local government cybersecurity'that's an item that should be at the top of every local government's agenda at the next council meeting. Why? Ransomware attacks are on the rise and their favored targets are local governments.

Ransomware attacks on local government have been on the rise since 2017. The latest hit came in Texas where an unprecedented ransomware attack hit the morning of August 16th. The FBI stated that the attack was organized and effective. Local governments have been hit before, but not sequentially, like this one. The FBI isn't revealing exactly who is responsible, but they believe it is a single threat actor.

The latest incident should motivate all local governments to beef up government cybersecurity beginning with the implementation of a board management software system.

How Vulnerable Are Local Governments to Ransomware Attacks?

Other city governments that have been hit by ransomware attacks are Newark, Atlanta, and Baltimore. San Francisco's transit authority was hit and so was the Colorado Department of Transportation and the airport in Cleveland. Recorded Future, a cybersecurity firm commented that at least 170 governments at the county, city, or state levels have been attacked since 2013. At least 45 of those agencies were police and sheriff's offices. In addition, 26% of cities and counties have reported that they're staving off attacks on their networks every hour. Hospitals have also been targets of ransomware. Dozens of hospitals have reported being held hostage across the country.

Government Cybersecurity Vulnerabilities in Texas

The FBI reported that at least 22 city and local governments were hit in a single government cybersecurity attack at the same time. This was a coordinated attack on computer networks. Elliott Sprehe of the Texas Department of Information Resources is coordinating the state's response to the attack and the FBI and the Department of Homeland Security are assisting in the effort. Authorities seem to have an indication as to the origin of that attacks and they're waiting for the suspects to move to another country where they will be able to extradite them.

Sprehe declined to name all the cities and municipalities that were involved in the incident. Two cities, Borger and Keene, voluntarily came forward naming themselves as victims in the attack. Borger residents are now prevented from being able to access birth and death certificates and they won't be able to pay their utility bills.

While the impact of the incident was far-reaching and impactful, it's important to point out a few things that the local governments did right that prevented the incident from becoming far worse than it is.

The state of Texas created a system where government officials knew who to contact in such an event. Allen Liska, a cybersecurity expert who tracks ransomware attacks, stated in a CNN interview, "Texas has spent a lot of time and money centralizing incident response, so security and IT people in those towns knew who to call immediately. If this had happened in another state without this infrastructure or to multiple towns in different states simultaneously the damage could have been a lot worse."

What the affected municipalities could have done better was to purchase and implement a board management software program to protect their local government data from getting into the wrong hands. iCompass, a Diligent brand, is the modern approach to fending off cybercriminals.

What Makes Local Governments Easy Targets for Cybercrime?

Cybercriminals are becoming more sophisticated in their attacks, as well as in how they choose their targets. Ransomware is a common way for criminal hackers to get their hands-on fast money. Criminals are becoming more efficient in encrypting a victim's computer and then demanding payment, which they usually want to receive in bitcoin payment. Upon receiving the payment, they hand over the keys to unlock the system. Ransomware hackers are rarely caught.

Criminals know that large cities and companies are investing funds in increasing their government cybersecurity defenses. They also know that smaller, local governments are underfunded and lack expertise in their IT staffs. Local governments provide essential services. By hacking into a local government system, cybercriminals can shut down emergency services and other vital departments at municipalities. It's easier for cybercriminals to go after the low-hanging fruit in multiple local governments rather than make the effort to shut down a larger entity.

According to Mike Christman from the GBI, everyone should expect to be attacked.

Local Governments Need a Modern Approach to Government Cybersecurity

Good governance for local governments means transparency and accountability. It's necessary for some information to be open to the public. When any information is open to the public, it opens up entry points for hackers to tap into other information that is sensitive, confidential, and not open to the public. Examples of confidential information that a local government has includes payroll information and health information.

Board members and council members share a great deal of personal information across email systems. They tend to use non-secure email accounts while sending it, which makes the data vulnerable to attack. In fact, according to Diligent Corporation, about 50% of council members admit to sending the bulk of their emails regarding local government information over non-secure public email accounts like Gmail, and Yahoo!. Many of these email correspondences have files attached to them that contain sensitive information.

Council members are under a lot of pressure from the public and from other council members to keep information secure. What local governments need is a system for modern governance that reduces all the vulnerabilities and entry points that provide access to sensitive or confidential information. What they need is a board management software program by iCompass, the industry leader in local government software.

iCompass offers smart, easy digital solutions for local governments of all sizes. iCompass offers a highly secure platform for meeting management, board management, and citizen engagement. iCompass has earned its reputation as the local government experts and agents for intelligent innovation. It's the modern way to engage citizens, operate transparently, reduce operating costs, and prevent becoming an attractive target for cyberhackers.
Related Insights
Lena Eisenstein
Lena Eisenstein is a former Manager at Diligent. Her expertise in mission-driven organizations, including nonprofits, school boards and local governments, centers on how technology and modern governance best practices empower leaders at these organizations to serve their communities with efficiency and purpose.