Local Government Computer Systems Are Soft Targets

Uploaded on 2017-10-02 in GOVERNMENT-Law Enforcement, GOVERNMENT-Local, FREE TO VIEW, NEWS-Cybersecurity News

In a recent incident that officials say illustrates the vulnerability of local government computer networks, the communications system of an upstate New York police agency was disrupted by a hacking attack.

The Schuyler County Sheriff’s Department, headquartered in Watkins Glen, had to get support from surrounding counties after the hacking temporarily crippled its 911 emergency system and ability to dispatch deputies to calls, said Peter Kehoe, director of the New York State Sheriffs Association.

Kehoe said such incidents “are a very big concern for us," particularly since the disruption of a communications systems could severely impair a law-enforcement agency's ability to protect the public during a crisis.

The need for enhanced cyber-security measures to counter attempts to breach networks stored on government computers, often containing highly confidential and personal information, has prompted the New York State Association of Counties to arrange a workshop on the issue at its annual conference in Syracuse Sept. 13 through 15.

'Direct Attack'

Officials say hacking attempts appear to be on the rise, with those targeting government networks often based in Russia, China or North Korea.

A memo circulated by Schuyler County Sheriff William Yessman Jr. last week described the hacking episode there as a "direct attack from a foreign country on our system," coming from a computer that "kept trying various passwords until it accessed our system."

The attack on the sheriff's agency came within a week of the release of an Aug. 24 report that found that government computer networks are often more vulnerable to attacks than the systems of fast-food chains.

That report, by SecurityScoreboard, a cyber-security consultant, was based on an analysis of more than 500 federal, state and local government agencies.

"Once a hacker is inside the organisation's network, digital assets can be compromised or stolen outright, throwing operations into chaos," the report warned.
 
Protection

The Center for Internet Security, based in the Troy suburb of East Greenbush, provides advice and support to hundreds of local and state agencies, with help from federal funding.

The organisation's vice president, Brian Calkin, said he recommends that agencies keep all data stored on their networks backed up in computers that are not connected to their systems and are stored in locations apart from their base of operations.

Keeping intruders out has become even more important since the use of ransomware, malicious software used to prevent computer users from accessing data until money is paid to those who planted the virus, became part of the repertoire of some hackers in 2014.

"Ransomware has become the bane of our existence," said Calkin, referring to those in the cyber-security field.

Local government agencies often lack the funding to hire cyber-security professionals, or, in the case of many upstate sheriff's departments and county boards of elections offices, have to rely on the county's information technology department to handle their needs.

"In the cyber-security field, there are zero folks out there now who want a job and don't have a job," Calkin said in noting that government and other industries are recognising the need to beef up on their security efforts.

County Hacked

Even a small vulnerability can lead to large problems for government networks, experts said.

Brian Pokorny, director of the Otsego County information technology department in Cooperstown, said his county network was compromised when a county employee's smart phone was hacked through a technique known as keystroke logging. It allows a hacker to access user names and passwords for entering networks.

Pokorny said his department reviews the security of the county computer systems daily to make sure no hacker has intruded, and Pokorny said he has been in touch with the state Board of Elections in Albany to stay abreast of the latest concerns regarding voting data.

"The level of phishing attempts has increased dramatically in recent months," he said.

"We're making sure our county employees are being vigilant when they open email to make sure they're not sending information to people they don't want to send information to."

Press Republican

You Might Also Read: 

Police Spy On Their Own: Twitter Accounts Scrutinised:

Police Can’t Reduce Cybecrime:

« Robots Take Over The World’s Work
Big Data - Big Changes Coming »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Solarflare

Solarflare

Solarflare is a leading provider of intelligent networking I/O software and hardware platforms that accelerate, monitor and secure network data.

CSIRT.CZ

CSIRT.CZ

CSIRT.CZ is the National Computer Security Incident Response Team of the Czech Republic.

PlaxidityX

PlaxidityX

PlaxidityX (formerly Argus Cyber Security) is a global leader in mobility cyber security, provides DevSecOps, vehicle protection and fleet protection technologies and services.

Swiss Re

Swiss Re

Swiss Re Group is a leading wholesale provider of reinsurance, insurance and other insurance-based forms of risk transfer including cyber risk.

Infowhiz solutions

Infowhiz solutions

Infowhiz provides solutions for backup/disaster recovery and network security.

Hypori

Hypori

Hypori is a virtual smartphone solution that makes truly secure BYOD a reality for organizations in healthcare, finance, government, and beyond.

ZeroNorth

ZeroNorth

ZeroNorth provides a new approach to improve software and infrastructure security, simplify continuous compliance reporting and to create more cost-effective risk management programs.

RiskRecon

RiskRecon

RiskRecon makes it easy to gain deep, risk contextualized insight into the cybersecurity risk performance of all of your third parties.

Bellvista Capital

Bellvista Capital

Bellvista Capital connects entrepreneurs with capital and unmatched business expertise in the technology areas of Cloud Computing, Cyber Security and Data Analytics.

Towerwall

Towerwall

Towerwall offers a comprehensive suite of security services and solutions using best-of-breed tools and information security services.

PCI Security Standards Council (PCI SSC)

PCI Security Standards Council (PCI SSC)

The PCI Security Standards Council is a global forum that brings together payments industry stakeholders to develop and drive adoption of data security standards and resources for safe payments.

Dimension Data

Dimension Data

Dimension Data is a leading African born technology provider operating in the Middle East and Africa, offering a portfolio of services including intelligent security solutions.

Block Harbor Cybersecurity

Block Harbor Cybersecurity

Block Harbor has worked closely with automakers, suppliers, and regulators since 2014 on vehicle cybersecurity.

ZoobeTek

ZoobeTek

ZoobeTek are a company focused on preventing leaks related to the security of business information3.

eGeneration

eGeneration

eGeneration is one of the leading technology solutions and system integration companies in Bangladesh.

Phone Monitoring Service

Phone Monitoring Service

Phone Monitoring Service provides cyber security services, ethical hacking services, social media hacking services in the USA, Canada, Europe.