Local Government Computer Systems Are Soft Targets

In a recent incident that officials say illustrates the vulnerability of local government computer networks, the communications system of an upstate New York police agency was disrupted by a hacking attack.

The Schuyler County Sheriff’s Department, headquartered in Watkins Glen, had to get support from surrounding counties after the hacking temporarily crippled its 911 emergency system and ability to dispatch deputies to calls, said Peter Kehoe, director of the New York State Sheriffs Association.

Kehoe said such incidents “are a very big concern for us," particularly since the disruption of a communications systems could severely impair a law-enforcement agency's ability to protect the public during a crisis.

The need for enhanced cyber-security measures to counter attempts to breach networks stored on government computers, often containing highly confidential and personal information, has prompted the New York State Association of Counties to arrange a workshop on the issue at its annual conference in Syracuse Sept. 13 through 15.

'Direct Attack'

Officials say hacking attempts appear to be on the rise, with those targeting government networks often based in Russia, China or North Korea.

A memo circulated by Schuyler County Sheriff William Yessman Jr. last week described the hacking episode there as a "direct attack from a foreign country on our system," coming from a computer that "kept trying various passwords until it accessed our system."

The attack on the sheriff's agency came within a week of the release of an Aug. 24 report that found that government computer networks are often more vulnerable to attacks than the systems of fast-food chains.

That report, by SecurityScoreboard, a cyber-security consultant, was based on an analysis of more than 500 federal, state and local government agencies.

"Once a hacker is inside the organisation's network, digital assets can be compromised or stolen outright, throwing operations into chaos," the report warned.
 
Protection

The Center for Internet Security, based in the Troy suburb of East Greenbush, provides advice and support to hundreds of local and state agencies, with help from federal funding.

The organisation's vice president, Brian Calkin, said he recommends that agencies keep all data stored on their networks backed up in computers that are not connected to their systems and are stored in locations apart from their base of operations.

Keeping intruders out has become even more important since the use of ransomware, malicious software used to prevent computer users from accessing data until money is paid to those who planted the virus, became part of the repertoire of some hackers in 2014.

"Ransomware has become the bane of our existence," said Calkin, referring to those in the cyber-security field.

Local government agencies often lack the funding to hire cyber-security professionals, or, in the case of many upstate sheriff's departments and county boards of elections offices, have to rely on the county's information technology department to handle their needs.

"In the cyber-security field, there are zero folks out there now who want a job and don't have a job," Calkin said in noting that government and other industries are recognising the need to beef up on their security efforts.

County Hacked

Even a small vulnerability can lead to large problems for government networks, experts said.

Brian Pokorny, director of the Otsego County information technology department in Cooperstown, said his county network was compromised when a county employee's smart phone was hacked through a technique known as keystroke logging. It allows a hacker to access user names and passwords for entering networks.

Pokorny said his department reviews the security of the county computer systems daily to make sure no hacker has intruded, and Pokorny said he has been in touch with the state Board of Elections in Albany to stay abreast of the latest concerns regarding voting data.

"The level of phishing attempts has increased dramatically in recent months," he said.

"We're making sure our county employees are being vigilant when they open email to make sure they're not sending information to people they don't want to send information to."

Press Republican

You Might Also Read: 

Police Spy On Their Own: Twitter Accounts Scrutinised:

Police Can’t Reduce Cybecrime:

« Robots Take Over The World’s Work
Big Data - Big Changes Coming »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

SSL247

SSL247

SSL247 is Europe's leading Web Security Consultancy Firm. We enjoy long-standing partnerships with Certificate Authorities including Symantec, GlobalSign, Entrust Datacard, Comodo, Thales and Qualys.

RPC

RPC

RPC is a business law firm. Practice areas include technology and cyber risk.

Skkynet Cloud Systems

Skkynet Cloud Systems

Skkynet is a leader in real-time data systems for the secure management and control of industrial processes (SCADA) and embedded devices (M2M).

SecuPi

SecuPi

SecuPi delivers data-centric security with data-flow discovery, real-time monitoring, behavior analytics, and protection across web and enterprise applications and big data environments.

AppTec

AppTec

AppTec is a leading software vendor in the field of Unified Endpoint Management and Mobile Security.

IoTsploit

IoTsploit

IoTsploit provides 20/20 visibility of network connections, protecting critical infrastructure assets from IoT vulnerabilities.

Applied Magnetics Laboratory (AML)

Applied Magnetics Laboratory (AML)

Applied Magnetics Laboratory is a manufacturer of military security and data destruction equipment for sensitive, classified, and secret information.

Future Technology Systems Company (FutureTEC)

Future Technology Systems Company (FutureTEC)

FutureTEC is a leading Information Technology Solutions Provider, delivering world-class Information Security, Information Management, and Business Solutions.

Query.ai

Query.ai

At Query.AI, we are committed to helping companies unlock the power of their security data, so they are empowered to meet security investigation and response goals while simultaneously reducing costs.

Panacea Infosec

Panacea Infosec

Panacea Infosec is a leading provider of information security compliance services. We help our clients in protecting their data, reducing security risks and fighting cybercrime.

SAM Seamless Network

SAM Seamless Network

SAM Seamless Network is a cybersecurity technology platform that protects the connected home, by tackling cyber security threats at the source.

Suresecure

Suresecure

Suresecure are a specialised consulting company providing Strategic IT security consulting, Managed Security Services, and Incident Response Management.

Inflection Point Ventures (IPV)

Inflection Point Ventures (IPV)

Inflection Point Ventures (IPV) is a 6000+ members angel investing firm which supports new-age entrepreneurs by connecting them with a diverse group of investors.

Epoch Concepts

Epoch Concepts

Offering a full line of IT services, solutions, and integration capabilities, Epoch Concepts is the trusted partner of the US military, federal agencies, private enterprises, and systems integrators.

CliffGuard Cybersecurity

CliffGuard Cybersecurity

CliffGuard Cybersecurity deliver comprehensive services designed to protect your organization from the ever-evolving landscape of cyber threats.

Tanzania Industrial Research and Development Organization (TIRDO)

Tanzania Industrial Research and Development Organization (TIRDO)

TIRDO is a multi-disciplinary research and development organization.