by Terri Jo Neff | Jan 13, 2022 | News
With the introduction of legislation this week in the Arizona House of Representatives to prohibit many public entities from using public funds to pay ransoms in ransomware attacks, AZ Free News recently spoke with Sen. David Gowan about the security of the Legislature’s own computer systems.
Gowan says that the dedicated IT staff of the Arizona Legislature have ensured that its system protections are up to date and meet or exceed industry standards. This would allow the legislative session to continue with little impact if hit with the type of ransomware attack suffered by the Virginia Legislature last month.
“Nothing is 100 percent guaranteed, but we try to figure it out before a hacker can,” he said. “And we have the ability to move forward and maneuver, even if we have to do some things on paper.”
The Dec. 10 ransomware attack on servers used by Virginia lawmakers led to the disabling of the legislature’s voicemail system, its budgeting portal, and the platform used to draft bills. Even access to the Virginia Constitution and state code normally accessible online had to be taken down after the attack, which one state official blamed on an “extremely sophisticated malware.”
For a short time the website serving Virginia’s Division of Capitol Police was also down but there was no report of impacts to critical functions.
Whoever hacked the Virginia Legislature’s system left a ransom note, although it did not include a ransom price or due date, according to a senior staff member. It is the first reported cyber security attack on a state legislature, although dozens of public entities across the country were hit in 2021.
Gowan is pleased that Arizona’s legislative staff has safeguards in place which will allow lawmakers to “quickly move forward with our work” if hit by an attack like Virginia experienced. He credits the fact that the legislature’s IT personnel conduct refresher training for lawmakers and staff about suspicious emails, which is the easiest way for a cyber attacker to get into a system.
There are also frequent spot checks of the legislature’s systems. And it helps, Gowan noted, that Arizona has one of the nation’s premier cybersecurity programs, with the Arizona Department of Homeland Security, the Arizona Department of Public Safety, and the Department of Emergency and Military Affairs all major players, along with local and federal agencies.
Two controversial bills recently introduced by a state representative would make significant changes to Arizona’s laws related to cyberattacks. One would tie the hands of public officials in responding to a ransomware attack, while the other seeks to require anyone who does business in Arizona to report a computer security breach or face a civil penalty from the Arizona Attorney General’s Office.
HB2145 would bar the State and any political subdivision of the state (such as a county, city, town, or school district) from making ransomware payments to secure the release of data. It would also require immediate notification of such an attack to the Director of the Arizona Department of Homeland Security.
Meanwhile, HB2146 would mandate anyone who “conducts business in this state and that owns, maintains or licenses unencrypted and unredacted computerized personal information” to report any security system breach to the Director of the Arizona Department of Homeland Security within 45 days.
A willful violation of the notification statute could lead to a civil penalty of up to $500,000, according to the bill.
by Terri Jo Neff | Dec 4, 2021 | Economy, News
According to cybersecurity experts, anyone with a computer connected to the internet is at risk of a ransomware attack which involves a malware designed to encrypt files on a victim’s device, rendering the files and ultimately the systems which rely on them unusable.
The criminal or criminals who placed the malware via an email attachment or a download which appeared to be safe then extort the victim by demanding ransom in exchange for a decryption key or file to “recover” the system.
Most people think of homeland security in terms of enhancing border security and preventing terroristic attacks in Arizona. But cybersecurity is a critical element in protecting Arizona’s infrastructure as well as economic security, according to Ryan Murray, deputy director of Arizona Department of Homeland Security (AZDOHS).
And at the same time that major companies and large government entities are strengthening their IT protocols, cyber criminals are focusing on smaller businesses, local non-profits, and public bodies such as school districts and fire departments, all of which generally don’t have a dedicated IT specialist, or a good understanding of the threat posed by a ransomware attack.
Such targets are easy pickings, Murray told AZ Free News. Adding to the problem is that many cyber attackers are no longer interested in simply holding a company’s IT system hostage until a ransom is paid. They are now incorporating data theft into the attack, Murray said.
Which is what happened in May when a ransomware attack hit Desert Wells Family Medicine in Queen Creek and led to the shutdown of the company’s IT system and left thousands of patients’ health records corrupted after the files were stolen.
In the end, Desert Wells had to manually “rebuild” its 35,000 patient records through other venues such as pharmacies, hospitals, and laboratories because none of its records were recoverable prior to May 21, the date of the hack.
With the scourge of ransomware attacks hard to stop (80 to 90 percent of cyberattacks originate overseas, says Murray), it is imperative for all companies, non-profits, and government entities large and small to understand how to reduce their vulnerabilities. And know what to do when an attack hits.
Which is why Murray’s team is developing a soon-to-be-launched website that will provide a wealth of information on protecting against, responding to, and surviving a ransomware attack. The agency will also provide guidance on how to conduct an assessment of the vulnerabilities and strengths of a company’s website, email system, and workstations.
There will also be a speakers’ bureau to provide outreach across the state, says Murray.
And if a ransomware attack or data breach is suspected, local law enforcement officers can contact cyber security specialists at AZDOHS’s new Cyber Command Center which teams with various local, state, and federal agencies. In fact, many police departments and sheriff’s offices in Arizona have a designated Threat Liaison Officer, or TLO, who has undergone training in how to respond to a reported cybercrime.
For now, information about what a ransomware attack involves, how to identify an attack, and what to do if victimized by such an attack can be found at www.stopransomware.gov
The combination of ransom demand and data theft which hit Desert Wells Family Medicine was reported to patients as well as the U.S. Department of Health and Human Services three months after it started. A wide range of information was accessed in the attack, including social security numbers, birthdates, names and addresses, and billing account numbers.
Patient medical account numbers as well as diagnostic and treatment information were also hacked, the notice said. The medical clinic had its patient information backed up, but the hacker also corrupted that data.
Private businesses are not required to report whether any money was paid directly or indirectly in response to a ransomware attack. How the unknown hacker or hackers got into the medical center’s system, and its backup data, has not been publicly disclosed.
In the past, companies could turn to their insurers for “cyber coverage” to reimburse the costs associated with ransomware attacks. Some insurers even paid the ransoms in order to recover a client’s system, finding it the cheaper option.
But with the number of such attacks increasing in frequency and cost, it is becoming more expensive for businesses and governments to afford such coverage, if they can even get it. For those lucky enough to have cyber coverage, they will likely see premiums doubled in 2022 with policy limits significantly scaled back.
by Terri Jo Neff | Oct 6, 2021 | News
Gov. Doug Ducey has secured the funding necessary to launch Arizona’s new Cyber Command Center, and during a ceremony at the Arizona Department of Public Safety’s Arizona Counter Terrorism Information Center (ACTIC) on Monday he equated cybersecurity with homeland security.
“Our society is becoming increasingly interconnected through technology, and cybersecurity has become one of the most important issues facing Arizona,” Ducey said Monday. “This new command center will be critical in protecting Arizonans and ensuring our cyber infrastructure remains safe and secure.”
According to the governor, the state has spent nearly $15 million in the last year to address cyber threats and implement best practices. The results are impressive, with the Arizona Department of Homeland Security detecting and alerting on about 68 million threats and protecting state websites from over 800,000 attacks in September.
The new Cyber Command Center will be Arizona’s headquarters for coordinating statewide cybersecurity operations, and will serve as a central location for cybersecurity professionals and local, state and federal agencies to prevent and respond to cyberattacks. Several programs will be run out of the command center, including the Arizona Counter Terrorism Information Center, a joint effort created in 2004 among DPS, AZ DHS, the FBI, and other agencies to support Arizona’s homeland security efforts.
Ducey has been successful the last few years in securing funding to address cybersecurity threats which impact not only state agencies, but also local governments, the private sector, educational institutions, and citizens.
In Fiscal Year 2020, the governor secured legislative approval to add $2.9 million to the Arizona Department of Administration’s Statewide Information Security and Privacy Office. The money was earmarked to enhance the operations of the office and purchase additional cybersecurity controls to combat cyberthreats on state IT assets, according to Ducey’s office.
He has also tapped $9 million in FY2020 and FY2022 to improve the Department of Education’s school finance system which distributes billions in state and federal funding to Arizona’s public schools. In addition, nearly $500,000 of funding will be available to the Arizona Department of Emergency and Military Affairs (DEMA) in FY2022 to establish a cyber task force to perform cybersecurity prevention and response activities on behalf of the state, according to the governor’s office.
That is on top of a one-time $300,000 credit to the National Guard Cyber Response Revolving Fund to allow the National Guard to engage in cyberattack prevention, response, and support activities for the state and other public entities.
Arizona is not the only state making cybersecurity a priority, and public records show many of the projects across the country are being paid for by federal funds under the CARES Act.
According to the Center for Digital Government, the CARES Act provided more than $150 billion in March 2020 to state and local governments to address cybersecurity issues brought about by IT budget constraints, modernization issues, and new challenges such as remote work and distance learning. In December, Congress later extended the deadline for utilizing the funding after some states complained of not being able to get projects quickly operational due to time and staff constraints.
“This extension is critical because our research indicates state, local and county governments still have billions of federal dollars left to spend,” according to a briefing by the Center for Digital Government, a national research and advisory institute on information technology policies and best practices in state and local government. “Doing so will increase their resilience, streamline constituents’ access to critical services, and safeguard critical government systems and all the valuable public data they collect.”
In North Carolina, $4.5 million of CARES funding was allocated to create a shared cybersecurity infrastructure for its Department of Public Instruction. The project also facilitates district cybersecurity monitoring and support, which according to the briefing “has become even more essential as the schools in the state experience a surge in ransomware attacks.”
Meanwhile, the briefing notes Oklahoma has used its federal aid for a secondary data center with higher availability and advanced disaster recovery capabilities. State officials call the investment “critical” to ensuring the capability to deliver core public services in an emergency.
Idaho, Montana, and Texas are examples of other western states utilizing CARES funds for cybersecurity projects.
by Terri Jo Neff | Aug 9, 2021 | News
The owners and operators of the several critical pipelines which crisscross Arizona have been directed by the Department of Homeland Security’s Transportation Security Administration (TSA) to make cybersecurity a priority, the second such mandate this year.
A Security Directive issued in late July requires owners and operators of TSA-designated critical pipelines which transport hazardous liquids such as gasoline, diesel, and jet fuels, as well as natural gas (also known as methane) to implement a number of “urgently needed” protections against cyber intrusions.
The mandate also applies to dedicated high vapor pressure (HVP) pipelines used for the transport of liquefied petroleum gases (LPGs) such as propane, normal butane, and isobutane.
According to the Arizona Corporation Commission, Arizona is served by several interstate pipeline transmission systems including Cross Country Energy Corp’s Transwestern Pipeline, Dominion Energy’s Southern Trails Pipeline, Energy Transfer Partners’ Transwestern Pipeline, Kinder Morgan’s El Paso Natural Gas, Mohave Pipeline, Questar’s Southern Trails Pipeline, Southwest Gas, and TransCanada’s North Baja Pipeline.
There are then several intrastate distribution and transmission pipelines, including Abbott Nutrition, Alliant Gas Arizona, Applied LNG Technologies, Arizona Public Service, Calpine Pipeline, Desert Gas Services, Duncan Rural Services, Gila River Power, Mineral Park Mine, Nucor Steel Kingman, Pimalco Aerospace Aluminum, Plains LPG Services, Swissport Fueling, UniSource Energy, and Zapco / Biogas Energy Tactics.
The recent Security Directive requires those operating critical pipelines to put into place mitigation measures to protect against ransomware cyberattacks and other threats to information technology and operational technology systems. They must also develop and implement a cybersecurity contingency and a recovery plan, and conduct a cybersecurity architecture design review.
“Through this Security Directive, DHS can better ensure the pipeline sector takes the steps necessary to safeguard their operations from rising cyber threats, and better protect our national and economic security,” according to Alejandro Mayorkas, Secretary of Homeland Security. “Public-private partnerships are critical to the security of every community across our country and DHS will continue working closely with our private sector partners to support their operations and increase their cybersecurity resilience.”
DHS and TSA issued an initial Security Directive in May following a ransomware attack on Colonial Pipeline, which moves gasoline, diesel, and jet fuel from Texas to the eastern United States. Colonial Pipeline paid a $4.4 million ransom to hackers who accessed the company’s billing software, triggering a pipeline shutdown until it was certain the cyberattack had not targeted the company’s operational software.
The May directive mandated the reporting of all confirmed and potential cybersecurity incidents to DHS’s Cybersecurity and Infrastructure Security Agency (CISA). Each pipeline owner or operator was also required to immediately designate a Cybersecurity Coordinator who would be available 24/7 to federal officials.
There was also a requirement for an internal review of all current cybersecurity practices by the end of June, as well as a report to TSA and CISA of all gaps in remediation measures.
TSA’s heightened attention on pipeline cybersecurity issues follows the agency’s efforts over the last two decades to enhance the physical security preparedness of hazardous liquid and natural gas pipeline systems across the country.