Local Government Computer Systems Are Soft Targets

Uploaded on 2017-10-02 in GOVERNMENT-Law Enforcement, GOVERNMENT-Local, FREE TO VIEW, NEWS-Cybersecurity News

In a recent incident that officials say illustrates the vulnerability of local government computer networks, the communications system of an upstate New York police agency was disrupted by a hacking attack.

The Schuyler County Sheriff’s Department, headquartered in Watkins Glen, had to get support from surrounding counties after the hacking temporarily crippled its 911 emergency system and ability to dispatch deputies to calls, said Peter Kehoe, director of the New York State Sheriffs Association.

Kehoe said such incidents “are a very big concern for us," particularly since the disruption of a communications systems could severely impair a law-enforcement agency's ability to protect the public during a crisis.

The need for enhanced cyber-security measures to counter attempts to breach networks stored on government computers, often containing highly confidential and personal information, has prompted the New York State Association of Counties to arrange a workshop on the issue at its annual conference in Syracuse Sept. 13 through 15.

'Direct Attack'

Officials say hacking attempts appear to be on the rise, with those targeting government networks often based in Russia, China or North Korea.

A memo circulated by Schuyler County Sheriff William Yessman Jr. last week described the hacking episode there as a "direct attack from a foreign country on our system," coming from a computer that "kept trying various passwords until it accessed our system."

The attack on the sheriff's agency came within a week of the release of an Aug. 24 report that found that government computer networks are often more vulnerable to attacks than the systems of fast-food chains.

That report, by SecurityScoreboard, a cyber-security consultant, was based on an analysis of more than 500 federal, state and local government agencies.

"Once a hacker is inside the organisation's network, digital assets can be compromised or stolen outright, throwing operations into chaos," the report warned.
 
Protection

The Center for Internet Security, based in the Troy suburb of East Greenbush, provides advice and support to hundreds of local and state agencies, with help from federal funding.

The organisation's vice president, Brian Calkin, said he recommends that agencies keep all data stored on their networks backed up in computers that are not connected to their systems and are stored in locations apart from their base of operations.

Keeping intruders out has become even more important since the use of ransomware, malicious software used to prevent computer users from accessing data until money is paid to those who planted the virus, became part of the repertoire of some hackers in 2014.

"Ransomware has become the bane of our existence," said Calkin, referring to those in the cyber-security field.

Local government agencies often lack the funding to hire cyber-security professionals, or, in the case of many upstate sheriff's departments and county boards of elections offices, have to rely on the county's information technology department to handle their needs.

"In the cyber-security field, there are zero folks out there now who want a job and don't have a job," Calkin said in noting that government and other industries are recognising the need to beef up on their security efforts.

County Hacked

Even a small vulnerability can lead to large problems for government networks, experts said.

Brian Pokorny, director of the Otsego County information technology department in Cooperstown, said his county network was compromised when a county employee's smart phone was hacked through a technique known as keystroke logging. It allows a hacker to access user names and passwords for entering networks.

Pokorny said his department reviews the security of the county computer systems daily to make sure no hacker has intruded, and Pokorny said he has been in touch with the state Board of Elections in Albany to stay abreast of the latest concerns regarding voting data.

"The level of phishing attempts has increased dramatically in recent months," he said.

"We're making sure our county employees are being vigilant when they open email to make sure they're not sending information to people they don't want to send information to."

Press Republican

You Might Also Read: 

Police Spy On Their Own: Twitter Accounts Scrutinised:

Police Can’t Reduce Cybecrime:

« Robots Take Over The World’s Work
Big Data - Big Changes Coming »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

IT Security Guru

IT Security Guru

IT Security Gurus publish daily breaking news. interviews with the key thinkers in IT security, videos and the top 10 stories as picked by our Editor.

A10 Networks

A10 Networks

A10 Networks is a leader in application networking, helping organizations of all sizes to accelerate, optimize and secure their applications.

Assured Data Protection

Assured Data Protection

Assured Data Protection specialises in data protection and disaster recovery services for large SME and enterprise organisations.

Kudelski Security

Kudelski Security

Kudelski Security is an international cybersecurity company providing innovative, independent and tailored security solutions for large enterprise and public sector clients.

Sepio Cyber

Sepio Cyber

Sepio is the leading asset risk management platform that operates on asset existence rather than activity.

Lynx Technology Partners

Lynx Technology Partners

Lynx Technology Partners is a full service, full life-cycle risk-based security consulting firm.

Office of the Government Chief Information Officer (OGCIO) - Hong Kong

Office of the Government Chief Information Officer (OGCIO) - Hong Kong

OGCIO supports the development of community-wide information technology infrastructure and setting of technical and professional standards to strengthen Hong Kong’s position as a world digital city.

Lirex

Lirex

Lirex offer consulting and outsourcing services, complete design, construction and maintenance of ICT solutions and systems including cybersecurity.

CYE

CYE

Utilizing data, numbers, and facts, CYE helps security leaders know what business assets are at risk and execute cost-effective remediation projects for optimal risk prevention.

Human Security

Human Security

Human (formerly White Ops) Bot Mitigation Platform enables complete protection from sophisticated bot attacks across advertising, marketing and cybersecurity.

Lionfish Cyber Security

Lionfish Cyber Security

Lionfish Cyber Evolution & Empowerment Model™ empowers SMBs to prepare and protect themselves against cyber threats using a unique combination of on-demand training, support and managed services.

Isovalent

Isovalent

Isovalent deliver the most advanced Kubernetes networking & security capabilities to the most demanding of enterprise users.

Netenrich

Netenrich

The Netenrich operations intelligence platform is built from the ground up to help enterprises resolve everyday and futuristic problems for stable, secure environments and infrastructures.

Anthony Timbers LLC

Anthony Timbers LLC

Anthony Timbers is a cybersecurity consulting and penetration testing firm providing services to the Federal and Commercial sectors nationwide.

Orca Tech

Orca Tech

Orca Tech brings together a portfolio of complimentary vendor in the IT security industry to help provide a complete solution to meet the requirements of our Partners across all sectors.

Intraframe US

Intraframe US

Intraframe US is a cybersecurity company in Memphis, specializing in Digital Forensics Incident Response and Managed IT services. We provide SMBs with a 24/7 SOC for proactive Cyber Threat Management.