How Vulnerable is the US Government to Cyber Attacks?
Fewer Than 50% of Government Workers Are Trained in Ransomware Prevention
Technology has gradually changed the way government does business over the past several decades. The days of rummaging through poorly organized filing cabinets for vital records has given way to a world where voluminous archives of data are accessible at just the stroke of a key.
While the methods we use to record and retain information has been modernized, so have the tactics that enemy nations and criminal hackers looking to make a quick buck are employing in the pursuit of exposed government records.
Last year, the frequency at which ransomware attacks occurred grew to the point that we could call these infiltrations commonplace. According to cybersecurity firm Emsisoft, in 2019, ransomware attacks affected “113 federal, state and municipal agencies, 764 healthcare providers, and 89 school districts and universities.”
Although these attacks may not have dominated the news cycle like 2017’s infamous large scale WannaCry outbreak, which affected as many as 200,000 computers in 150 countries with estimated damages ranging from hundreds of millions to billions of dollars, the combined damages of these smaller attacks achieved many of the same results.
So, what is the government doing to protect its networks? Apparently not enough, as according to the results of a new IBM/Harris poll, only 38% of state and local government employees surveyed were found to be competent in “ransomware prevention.”
That is a particularly disturbing thought, when you consider the various “worst case scenario’s” that could come with the next global outbreak of ransomware. In the case of the WannaCry attack, besides the monetary damage caused to both individuals and governmental agencies, the attack was responsible for the National Health Service hospitals in England and Scotland having to turn away non-critical emergencies, as a result of up to 70,000 devices, including computers, MRI scanners and blood-storage refrigerators being infected with the ransomware.
The poll also showed that a whopping 73% of the government employees surveyed were concerned about the impending ransomware threat to cities across America, and that the respondents are actually more afraid of cyber-attacks to their community than they are of natural disasters and terrorist attacks.
Another sobering wrinkle to the poll references the ongoing election, which is another matter that is of major concern to government employees. The poll shows that 63% of those surveyed were concerned that November’s election could be a target for hackers, and a majority of respondents also considered their local Board of Elections as one of the top three most vulnerable systems in their communities.
Ransomware has also proven to have other negative effects on the fabric of our society. Out of the many negative consequences that can arise as a result of a ransomware attacks, one of the strangest stories to surface was last week’s report involving the loss of over a year’s worth of collected evidence, including videos and photos, related to crimes including methamphetamine and cocaine possession and the sale, manufacturing, and the delivery of narcotics.
As a result of the data loss, prosecutors in Stuart, FL, who were building a case against 6 defendants who were facing a total of 28 charges, were forced to drop the case. City officials refused to pay the $300,000 bitcoin ransom demanded by the perpetrators, who were able to effectively pierce the cities servers using Ryuk Ransomware.
Although the normal protocol is for municipalities to pay the ransom demand, Stuart officials refused to pay the ransom, and kept their servers disconnected while they worked to decipher the full extent of the data loss. City manager David Dyess said of the city's strategy at the time, that the city’s data backups saved it from having to negotiate with the hackers.
Although the IBM/Harris poll says that nearly 70% of government employees think their bosses are taking the threat of cyber-attacks seriously, the fact that approximately only half of that number has received the proper training is wholly unacceptable. With countries launching cyber-attacks against sensitive targets, including critical infrastructure, it is well past the time that 100% of government employees should be up to speed on handling the threat of ransomware.
Julio Rivera is a business and political strategist, the Editorial Director for Reactionary Times, and a political commentator and columnist. His writing, which is focused on cyber-security and politics, has been published by websites including The Hill, Real Clear Politics, Townhall and American Thinker.