Public Sector Cybersecurity Weekly Briefing 03-02-2018

A 2-Step Approach to Securing Local Government
In the first of our 3-part series for local government, 5 IT Trends Changing Local Government, I talked about the changes upcoming generally for information technology management, and how those changes will manifest in the public sector – specifically for local government. Reminder: this includes cities, counties, public utilities, maritime ports, and any other organization designated as a “special-purpose district” (usually with taxing authority). The following involves moving the narrative from IT in general to IT security, and the challenges that will accompany those changes.


Wire-transfer Scheme, Ransomware Attack — Tiny Yarrow Point Finds Itself in Criminals’ Crosshairs 
Yarrow Point Mayor Richard “Dicker” Cahill usually goes by his nickname in messages. But that escaped the notice of the town’s financial coordinator when he wired $49,284 to an unidentified con artist as part of an email scam in August. […] What worries Hamilton, who was Seattle’s chief information security officer, is that theft of money is only a glimpse of what criminals can do to a city. Records, city services, communication and infrastructure also are at risk. “That is the real exposure,” he said. “This is really a canary in the coal mine, and local governments need to wake up.”


DOJ Forms Cyber Task Force to Tackle Election Interference
The task force will be chaired by a senior official appointed by Deputy Attorney General Rod Rosenstein, and its membership will include representatives from DOJ offices including the department’s Criminal and National Security Divisions, the ATF, FBI and DEA, among others, Mr. Sessions wrote in a two-age memorandum touting its creation sent to department heads last week and released to the public Tuesday.


You Get a Criminal Record! And You Get a Criminal Record! Peach State Goes Bananas with Expanded Anti-hack Law
A proposed anti-hacking law in the US state of Georgia is raising all kinds of alarms – because it could criminalize anyone who breaks a website or ISP’s T&Cs. The bill, SB 315, would expand the state’s computer crime laws to include penalties for accessing a machine without permission even if no information was taken or damaged. Drawn up by state senator Bruce Thompson (R) in January, the proposed legislation has been approved by Georgia’s senate, and is being considered by its house of representatives.


WannaCry Hits 12 Connecticut State Agencies is reporting that the attack began late Friday afternoon and eventually impacted 12 separate agencies. NECN learned the attack involved WannaCry when it became privy to a state email discussing the attack. The agencies involved in the attack were not named. The news site is reporting that Connecticut officials do not believe the malware will not negatively impact any state-delivered services.


Stay up to date on the Public Sector Information Security news that you need to know by signing up for our Public Sector Briefing Here.


Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.