The Texas Division of Emergency Management has been activated in response to at least 20 local governments whose operations have been disrupted by a ransomware attack.
There is a lot to unpack here. First of all, there is much we do not yet know.
The names of the jurisdictions have not been disclosed as of this writing. Regardless, the FBI is certainly involved, and working to determine if there is a commonality to the affected organizations that may provide insight as to the actor(s) responsible.
Was there a common vulnerability exploited? Were the tactics, techniques, and procedures used in the attacks the same? Were all organizations compromised simultaneously, or has the actor been methodically building a "beachhead," just to pull a trigger on everyone later, and all at once?
We may never know.
So let's look at a few possibilities. Obviously, this is not an exhaustive set, and more information will be revealed over the coming months as computer forensic results are fully investigated.
Threat Actor Motivations – A Theory
First, these acts may not be related. I doubt that.
Possible Motives:
- Profit
- Political message
- Disruption
Potential Threat Actors:
- Straight up organized crime
- "Hacktivists"
- A Nation-State
As for a theory, I'll just say this. We've seen two cases of nation-states false-flagging as organized crime: WannaCry, attributed by the US and UK to North Korea, was dressed up as profit-seeking ransomware, and NotPetya, attributed to Russia, posed as ransomware but was built to destroy.
I've always seen local government as our soft underbelly on the likelihood-versus-impact matrix: high impact if it goes down, and easy to knock over. This looks like a point being made, with deliberate effort to obscure attribution.
So Texas is going to have a few bad weeks at best. But this should reinforce the message about the importance of local government, and hopefully spur legislators into getting serious.
Let's Get Serious about Local Government Cybersecurity
Your cities and counties provide the level of government that you "feel" on a daily basis. Your drinking water, your flushing toilet, your traffic management, communication for law enforcement and public safety—all that is enabled by, and in many cases dependent on, information technology. Despite the collective fascination with the dreaded "records breach," people are not going to care about their credit card the day their kid stops breathing, and they call 911 and it doesn't work.
And as far as "cyber" security in local government goes, it's pretty much management by landmine: nothing changes until one goes off.
So maybe this is that seminal event, the claymore landmine that actually does it. We all wake up to how important our local government is, how dependent they are on IT, and how easy they are to knock over. It’s time for local government to get serious about cybersecurity.
Congress
- Offer grants to states to parcel out to local governments, prioritized by easily-measured risk.
- This is a super good idea—the time for Congress to act is now.
States
- Start looking at different innovations to solve this problem, because you're going to be supporting emergency operations just like Texas.
- Look at the PISCES program, which provides no-cost 24/7 security monitoring for cities while training university students in cybersecurity. Local governments get the continuous data monitoring they need, and students get live-fire training that prepares them to join the cybersecurity workforce. By promoting internships, developing apprenticeships, and prioritizing transitioning military, the cybersecurity pipeline gets filled while critical services are monitored for threats.
- And let’s not forget public utilities and ports—those are local governments, too.
Locals
- Here's a direct message to the IT people on the frontlines: you want to get something done? Contract a security assessment priced under your signing limit, so it does not need a council vote, and make sure it delivers a prioritized roadmap you can budget against.
- Enlist experts to speak with your City Council or County Commission.
Our Cybersecurity Experts in the Public Sector Can Help
Need an ally in this process? Contact me directly at Critical Insight Security.
As a multi-decade expert in the public sector, including my 7-year stint as the CISO for the City of Seattle, I know how to get local government to move on cybersecurity initiatives.
Our mission at Critical Insight is to protect and defend the critical services which support our local communities and quality of life. This mission is why we show up to work every day. Our Gartner-recognized managed detection and response solution has been purpose-built to support critical service infrastructure and meet compliance requirements.
Our team at Critical Insight is ready to help you navigate the red tape so that you can build the case for monitoring, detection, and response services ASAP so these cybersecurity breaches do not happen in your own backyard.