Local Government Computer Systems Are Soft Targets

Uploaded on 2017-10-02 in GOVERNMENT-Law Enforcement, GOVERNMENT-Local, FREE TO VIEW, NEWS-Cybersecurity News

In a recent incident that officials say illustrates the vulnerability of local government computer networks, the communications system of an upstate New York police agency was disrupted by a hacking attack.

The Schuyler County Sheriff’s Department, headquartered in Watkins Glen, had to get support from surrounding counties after the hacking temporarily crippled its 911 emergency system and ability to dispatch deputies to calls, said Peter Kehoe, director of the New York State Sheriffs Association.

Kehoe said such incidents “are a very big concern for us," particularly since the disruption of a communications systems could severely impair a law-enforcement agency's ability to protect the public during a crisis.

The need for enhanced cyber-security measures to counter attempts to breach networks stored on government computers, often containing highly confidential and personal information, has prompted the New York State Association of Counties to arrange a workshop on the issue at its annual conference in Syracuse Sept. 13 through 15.

'Direct Attack'

Officials say hacking attempts appear to be on the rise, with those targeting government networks often based in Russia, China or North Korea.

A memo circulated by Schuyler County Sheriff William Yessman Jr. last week described the hacking episode there as a "direct attack from a foreign country on our system," coming from a computer that "kept trying various passwords until it accessed our system."

The attack on the sheriff's agency came within a week of the release of an Aug. 24 report that found that government computer networks are often more vulnerable to attacks than the systems of fast-food chains.

That report, by SecurityScoreboard, a cyber-security consultant, was based on an analysis of more than 500 federal, state and local government agencies.

"Once a hacker is inside the organisation's network, digital assets can be compromised or stolen outright, throwing operations into chaos," the report warned.
 
Protection

The Center for Internet Security, based in the Troy suburb of East Greenbush, provides advice and support to hundreds of local and state agencies, with help from federal funding.

The organisation's vice president, Brian Calkin, said he recommends that agencies keep all data stored on their networks backed up in computers that are not connected to their systems and are stored in locations apart from their base of operations.

Keeping intruders out has become even more important since the use of ransomware, malicious software used to prevent computer users from accessing data until money is paid to those who planted the virus, became part of the repertoire of some hackers in 2014.

"Ransomware has become the bane of our existence," said Calkin, referring to those in the cyber-security field.

Local government agencies often lack the funding to hire cyber-security professionals, or, in the case of many upstate sheriff's departments and county boards of elections offices, have to rely on the county's information technology department to handle their needs.

"In the cyber-security field, there are zero folks out there now who want a job and don't have a job," Calkin said in noting that government and other industries are recognising the need to beef up on their security efforts.

County Hacked

Even a small vulnerability can lead to large problems for government networks, experts said.

Brian Pokorny, director of the Otsego County information technology department in Cooperstown, said his county network was compromised when a county employee's smart phone was hacked through a technique known as keystroke logging. It allows a hacker to access user names and passwords for entering networks.

Pokorny said his department reviews the security of the county computer systems daily to make sure no hacker has intruded, and Pokorny said he has been in touch with the state Board of Elections in Albany to stay abreast of the latest concerns regarding voting data.

"The level of phishing attempts has increased dramatically in recent months," he said.

"We're making sure our county employees are being vigilant when they open email to make sure they're not sending information to people they don't want to send information to."

Press Republican

You Might Also Read: 

Police Spy On Their Own: Twitter Accounts Scrutinised:

Police Can’t Reduce Cybecrime:

« Robots Take Over The World’s Work
Big Data - Big Changes Coming »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

i-Sprint Innovations

i-Sprint Innovations

i-Sprint is a leader in Securing Identity and Transactions in the Cyber World for industries that are security sensitive.

TUV Rheinland Group

TUV Rheinland Group

TUV Rheinland Group is a testing services company with nearly 145 years of technological experience. We help you to protect your systems comprehensively, proactively and permanently.

Multitel

Multitel

Multitel is an independent research centre. We develop and integrate emerging technologies into the industrial fabric at the regional and international levels.

FraudScope

FraudScope

FraudScope is an AI-assisted platform that accelerates the identification of fraud, waste, and abuse.

Ergo

Ergo

Ergo is a world-class IT Partner of choice, leveraging the latest technology available in cloud, mobility, big data, analytics, and social media.

Mindsight

Mindsight

Mindsight is a technology consulting firm with expertise from cybersecurity to cloud, disaster recovery to infrastructure, and collaboration to contact center.

Cynance

Cynance

Cynance are an award-winning, independent cyber security specialist and part of the Transputec family of companies.

Upfront Security

Upfront Security

Upfront Security helps companies with innovative products & services to prevent, recognise and recover from (identity) fraud.

Auvik Networks

Auvik Networks

Auvik is easy-to-use cloud-based networking management and monitoring software - true network visibility and control without the hassle.

Cognilytica

Cognilytica

Cognilytica’s Cognitive Project Management for AI (CPMAI) training and certification is recognized around the world as the best practices methodology for implementing successful AI & ML projects.

TOTM Technologies

TOTM Technologies

TOTM Technologies provides end-to-end identity management and biometrics products, powering Digital identity and Digital onboarding solutions.

Verosint

Verosint

Verosint (formerly 443ID) provides real-time account fraud prevention that reveals fraudsters hiding in user accounts and proactively blocks them before their attacks can cause harm.

CyberMindr

CyberMindr

CyberMindr is a SaaS platform for Automated & Continuous Attack Path and Threat Exposure Discovery helps you to proactively identify & assess your attack surface to mitigate associated threats.

OryxAlign

OryxAlign

OryxAlign offer managed IT and cyber security, cloud and digital transformation, and tailored professional and consulting services.

Federal Office for the Protection of the Constitution (BfV)- Germany

Federal Office for the Protection of the Constitution (BfV)- Germany

The Federal Office for the Protection of the Constitution (Bundesamt für Verfassungsschutz - BfV) is the domestic intelligence services of the federal government of Germany.

Spektion

Spektion

Spektion are transforming how organizations meet the challenge of third-party software risk.