How Communication Helps State, Local Governments Prevent and Mitigate Cyberattacks
New Mexico’s Bernalillo County, which includes the populous cities of Albuquerque and Los Ranchos, was impacted by two separate cyberattacks. One attack limited nearly every part of county government services for weeks, while the second forced all 144 Albuquerque public schools to close for two days after the district’s attendance, communications and transportation systems were compromised.
Pottawatomie County, Kansas, was hit with a ransomware attack, striking several of the county’s computer systems. Hackers encrypted the systems for 13 days, making them inaccessible and shutting off some services. EMS, police and fire services weren’t impacted. Hackers demanded $1 million to restore all systems to normal operations. County officials negotiated with the hackers, paying more than $70,000.
An unidentified hacker breached a local water treatment facility in Oldsmar, Florida, and almost poisoned the town’s 15,000 residents. A plant operator received an alert that someone gained remote system access. The attacker opened various software functions and then increased the level of sodium hydroxide — the main ingredient in drain cleaner — to 100 times its normal level. The operator took control back and quickly canceled the change.
These are some of the cyberattacks that have recently struck state and local governments. Cyberattacks come in various forms. Ransomware is the preferred method of attack against these institutions. It locks users out of their devices or blocks access to files until a sum of money is paid. If an attack occurs, a state, city or town could be either forced to pay the ransom or risk losing critical information for community services. Municipalities paid an estimated $125,697 in ransom per event from 2017-2020.
Cyberattacks against state and local government agencies and departments are increasingly common and becoming more sophisticated and severe. Greenville, North Carolina; Torrance, California; New Orleans and 22 cities in Texas, for example, were among hundreds of agencies that reported cyberattacks in 2019 and 2020. There were “an unprecedented and unrelated barrage of ransomware attacks” in 2019, impacting about 966 government agencies, educational institutions and healthcare providers in the U.S. that cost about $7.5 billion, according to cybersecurity firm Emsisoft. These ransomware attacks affected 113 state and local governments — the bulk of attacks during this period — and caused various issues, including:
- Interrupted 9-1-1 services.
- Forced staff at dispatch centers to rely on printed maps and paper logs to keep track of emergency responders in the field.
- Locked police out of background check systems so they couldn’t access details about criminal histories or active warrants.
Ransomware attacks continued to affect government agencies, schools and healthcare organizations in the U.S. in 2021, with over 2,300 reporting attacks. Emsisoft found that at least 77 state and municipal governments were impacted last year by a ransomware incident. Dispatch services were affected in at least one case, and 36 of these incidents were data breaches in police departments and a state attorney general.
Other findings from Palo Alto Networks Unit 42 Threat Intelligence Unit, a cybersecurity consulting firm, and KnowBe4, a security software company, include:
- About 80% of state and local information technology leaders believe that ransomware is a “formidable threat.”
- 78% of survey respondents don’t anticipate the ransomware threat to decrease in the next 12 to 18 months.
- 60% are somewhat confident their agency can prevent a phishing email, malware or supply chain attack from becoming a ransomware incident.
- The average cybersecurity breach for states costs between $665,000 and $40.5 million.
- Cybercriminals demanded an average ransom amount of about $836,000 from 2013-2020.
Why state and local governments are targets for cyberattacks
Experts point to various reasons for the steady increase of cyberattacks against state and local governments. One factor is the number of local governments — 90,075 units — in the U.S., according to the International City/County Management Association (ICMA), an organization for city and county managers and other employees who serve local governments. Out of this total, 38,779 are general purpose governments and are made up of:
- 3,031 county governments
- 19,475 municipal governments
- 16,253 town or township governments
State and local governments are tasked with a combination of major priorities, including overseeing vital services, managing critical infrastructure and responding to their residents’ needs. These priorities have also introduced new risks to state and local governments. These governments and their agencies store sensitive information, especially personal information such as names, addresses, driver’s license numbers, property tax information, social security numbers and tax and voter records. This also includes the governments’ own financial, billing and contractual information.
Another challenge is the growth of Internet of Things (IoT) devices, which are electronic devices that connect to the Internet and collect and transmit data. IoT devices come from different manufacturers, each with its own capabilities and interfaces. Examples include optical sensors for automatic streetlights and smart wearable devices.
The coronavirus pandemic also altered how state and local governments provide services, causing a range of issues including quickly pivoting staff to working remotely and moving more services online. State and local governments may also experience other issues, including financial constraints, staffing and resources.
How grant funding will support cybersecurity efforts
State and local governments will receive financial support to enhance their cybersecurity infrastructure and defenses. The Infrastructure Investment and Jobs (INVEST) Act, which was passed last year, appropriated about $2 billion to strengthen cybersecurity, electric utilities and surface transportation. Specifically, $1 billion will be set aside as part of a grant program to aid state, local, tribal and territorial governments with funding to improve cybersecurity. The grant funding will be spread out over four years, with $200 million in fiscal year 2002, $400 million in fiscal year 2023, $300 million in fiscal year 2024 and $100 million in fiscal year 2025. The program will be administered by the Federal Emergency Management Agency (FEMA) with consultation from the Cybersecurity and Infrastructure Security Agency (CISA).
The INVEST Act also allocated $250 million to create a grant program to help utilities detect, respond to and recover from cybersecurity threats. The act also provides $350 million for grid security research and development and for investment to continue grid operations in the event of a cyberattack.
How critical communication and collaboration platforms help protect and recover from cyberattacks
Cybersecurity is becoming synonymous with emergency preparedness and response for emergency managers, state and local government officials and other key stakeholders. A top concern for these stakeholders is protecting the information related to the services they offer. Emergency managers, state and local government personnel and other officials need to ensure that staff members in agencies and departments implement cybersecurity measures, from updating security software to knowing what policies and procedures to enact if a cyberattack occurs.
A critical communication and collaboration platform allows these key stakeholders to take proactive steps and engage with — and within — agencies and departments if a ransomware or other type of cyberattack occurs. This consolidated platform provides numerous tools for emergency managers, state and local government personnel and other key stakeholders to quickly learn of, notify others about and respond to a cyberattack so that operations can continue. These tools include:
- A crisis management tool launches an action sequence at the onset of a cyberattack or other event, and those who are assigned tasks receive alerts simultaneously. Tasks are listed with their owners, up-to-date status and additional notes — all providing administrators with a detailed timeline for after-action reporting. Prebuilt alerting templates help save time during an event, and Common Alerting Protocol (CAP) provides a seamless connection to additional devices, such as digital signage.
- Mass notifications can come in the form of emergency and/or operational messages, which can be sent out simultaneously through text, email, voice calls, social media, IPAWS, digital signage and desktops — all through a single launch point. Residents can receive messages in the modes and languages they prefer.
- A text-to-opt-in feature allows residents to sign up for alerts by texting a unique keyword to a short code. Keywords can change and be reused for other situations.
State and local governments have recently experienced a steady increase of ransomware attacks and other types of cyberattacks. COVID-19 and its impact on how their agencies and departments provided services only amplified these attacks. For emergency managers, state and local government personnel and other key stakeholders, protecting the information of residents and their very own agency and department is a major priority. The critical communication and collaboration platform will allow these stakeholders to handle and respond to cyberattacks and other events. The platform will help emergency managers, state and local government personnel and others to stay in the know and strengthen their ability to work together, protecting crucial information and ultimately saving lives.