Local Government Computer Systems Are Soft Targets

In a recent incident that officials say illustrates the vulnerability of local government computer networks, the communications system of an upstate New York police agency was disrupted by a hacking attack.

The Schuyler County Sheriff’s Department, headquartered in Watkins Glen, had to get support from surrounding counties after the hacking temporarily crippled its 911 emergency system and ability to dispatch deputies to calls, said Peter Kehoe, director of the New York State Sheriffs Association.

Kehoe said such incidents “are a very big concern for us," particularly since the disruption of a communications systems could severely impair a law-enforcement agency's ability to protect the public during a crisis.

The need for enhanced cyber-security measures to counter attempts to breach networks stored on government computers, often containing highly confidential and personal information, has prompted the New York State Association of Counties to arrange a workshop on the issue at its annual conference in Syracuse Sept. 13 through 15.

'Direct Attack'

Officials say hacking attempts appear to be on the rise, with those targeting government networks often based in Russia, China or North Korea.

A memo circulated by Schuyler County Sheriff William Yessman Jr. last week described the hacking episode there as a "direct attack from a foreign country on our system," coming from a computer that "kept trying various passwords until it accessed our system."

The attack on the sheriff's agency came within a week of the release of an Aug. 24 report that found that government computer networks are often more vulnerable to attacks than the systems of fast-food chains.

That report, by SecurityScoreboard, a cyber-security consultant, was based on an analysis of more than 500 federal, state and local government agencies.

"Once a hacker is inside the organisation's network, digital assets can be compromised or stolen outright, throwing operations into chaos," the report warned.
 
Protection

The Center for Internet Security, based in the Troy suburb of East Greenbush, provides advice and support to hundreds of local and state agencies, with help from federal funding.

The organisation's vice president, Brian Calkin, said he recommends that agencies keep all data stored on their networks backed up in computers that are not connected to their systems and are stored in locations apart from their base of operations.

Keeping intruders out has become even more important since the use of ransomware, malicious software used to prevent computer users from accessing data until money is paid to those who planted the virus, became part of the repertoire of some hackers in 2014.

"Ransomware has become the bane of our existence," said Calkin, referring to those in the cyber-security field.

Local government agencies often lack the funding to hire cyber-security professionals, or, in the case of many upstate sheriff's departments and county boards of elections offices, have to rely on the county's information technology department to handle their needs.

"In the cyber-security field, there are zero folks out there now who want a job and don't have a job," Calkin said in noting that government and other industries are recognising the need to beef up on their security efforts.

County Hacked

Even a small vulnerability can lead to large problems for government networks, experts said.

Brian Pokorny, director of the Otsego County information technology department in Cooperstown, said his county network was compromised when a county employee's smart phone was hacked through a technique known as keystroke logging. It allows a hacker to access user names and passwords for entering networks.

Pokorny said his department reviews the security of the county computer systems daily to make sure no hacker has intruded, and Pokorny said he has been in touch with the state Board of Elections in Albany to stay abreast of the latest concerns regarding voting data.

"The level of phishing attempts has increased dramatically in recent months," he said.

"We're making sure our county employees are being vigilant when they open email to make sure they're not sending information to people they don't want to send information to."

Press Republican

You Might Also Read: 

Police Spy On Their Own: Twitter Accounts Scrutinised:

Police Can’t Reduce Cybecrime:

« Robots Take Over The World’s Work
Big Data - Big Changes Coming »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

DCL Search & Select

DCL Search & Select

DCL Search & Selection connect candidates to the best companies in the IT Security, Telco, UC, Outsourcing, ERP, Audit & Control markets.

Law Enforcement Cyber Center (LECC)

Law Enforcement Cyber Center (LECC)

LECC is designed to assist police, digital forensic investigators, detectives, and prosecutors who are investigating and preventing crimes that involve technology.

Gigasoft

Gigasoft

Gigasoft provide secure online data backup & cloud backup services for the education sector and businesses.

Conix

Conix

Conix offerings include Governance and Risk Management, Auditing and Penetration Testing, Digital Forensics, Managed Security Operations Centre (SOC).

Elavon

Elavon

Elavon is a leader in secure payment processing solutions for customers,from large worldwide enterprises to locally-owned small businesses.

Thomas Miller Specialty

Thomas Miller Specialty

Thomas Miller Specialty is a commercial Managing General Agency providing specialty risks insurance including Cyber & e-crime insurance.

Codified Security

Codified Security

Codified is a testing platform for mobile application software. We make it easier than ever for companies to detect and fix security vulnerabilities and ensure their applications are compliant.

Cybrary

Cybrary

Cybrary is an open-source cyber security and IT learning and certification preparation platform.

Procilon Group

Procilon Group

Procilon Group specialize in the development of cryptographic software as well as strategic advice on information security and data protection.

CloudAlly

CloudAlly

CloudAlly provides online cloud to cloud backup and recovery solutions, which backs up daily changes in your SaaS to unlimited Amazon S3 storage and makes it available for restore or export.

Corvid

Corvid

Corvid is an experienced team of cyber security experts who are passionate about delivering innovative, robust and extensive defence systems to help protect businesses against cyber threats.

Kratikal

Kratikal

Kratikal provides a complete suite of manual and automated security testing services.

ZecOps

ZecOps

ZecOps is a cybersecurity automation company offering solutions for servers, endpoints, mobile devices, and custom devices.

SecureStack

SecureStack

SecureStack helps software developers find security & scalability gaps in their web applications and offers ways to fix those gaps without forcing those developers to become security experts.

Rostelecom

Rostelecom

Rostelecom is Russia’s largest integrated provider of digital services and solutions, covering all market segments including consumer, governmental and private organizations.

Securosys

Securosys

Securosys is a technology company dedicated to securing data and communications. We develop, produce, and distribute hardware, software and services that protect and verify data and their transmission