Public Sector Cybersecurity Weekly Briefing 10-06-2017

Cybersecurity: Lessons from 5 States
Cybersecurity was perhaps the most consistent thread running through all the programming at the annual NASCIO conference this week. It’s on the minds of state CIOs, and many have well-developed strategies to protect state IT systems and constituent data, combat current threats and build strong cyber defenses. Here’s a look at a few state programs.


City of Englewood, Colo. Hit With Ransomware 
The city of Englewood, Colo. was hit with a ransomware attack which brought down the city’s internal network. The attack left the city’s civic center unable to process credit cards and the city’s library unable to place items on hold or accept late fines, according to an Oct. 4 press release. City IT officials spotted the malware the night of Oct. 3 and are currently working to investigate the full scope of the attack.


Small Towns Confront Big Cyber-Risks
Nearly 40 percent of local government CIOs report experiencing more attacks during the last 12 months, according to a 2016 survey by the International City/County Management Association (ICMA). And the frequency is increasing too, with 26 percent of CIOs reporting an attack, incident or breach attempt occurring hourly, while another 18 percent report a cyber attempt at least daily. That’s bad news for local governments, which have fewer resources than many larger jurisdictions to fight back. But it’s especially bad for small to mid-sized cities, counties and towns, which may have only one full-time person devoted to IT — including cybersecurity — if they are lucky.


Want to Prevent Ransomware Attacks? Prepare.
Ignorance of how ransomware attacks work also contributes to the spread of ransomware infections. Employees often aren’t aware of best practices to prevent attacks. Human errors can prove just as dangerous, if not more so, as unpatched systems, meaning that organizations should work to better educate employees on how to spot phishing attacks and admins should enable backups and contingency plans in the event of mistakes, researchers say.


Nothing Matters Anymore… Now Hapless Equifax Bags $7.5m IT Contract With US Taxmen
The tech contract was awarded on September 29, the same month the network intrusion was revealed, and will be worth $7,251,968 to the troubled credit reporting agency. The fact that the deal was signed off after the news of the massive security failure broke last month suggests someone at the IRS either doesn’t pay attention to the headlines, or just doesn’t care one way or the other.


White House Wants to End Social Security Numbers as a National ID
Rob Joyce, the White House cybersecurity czar, said on Tuesday that the government should end using the Social Security number as a national identification method. “I believe the Social Security number has outlived its usefulness,” said Joyce, while speaking at The Washington Post’s Cybersecurity Summit. “Every time we use the Social Security number, you put it at risk.” One problem with the Social Security number, he said, is that a victim of identity theft cannot get it changed after it has been stolen.


Senator Seeks Cyber Info From Voting Machine Makers
A U.S. senator wants to know how well the country’s top six voting machine manufacturers protect themselves against cyberattacks[.] […] A top-secret National Security Agency report leaked to the online news site The Intercept this summer detailed a Russian military-orchestrated hacking campaign in August 2016 that targeted a Florida-based software vendor with fake, phishing emails. That vendor manages voter registration and voter rolls in eight states, though the document said it was “unknown” to what extent the cyberattack compromised local election systems.


White House Cybersecurity Chief: Social Security Numbers a ‘Flawed System’
“I believe the Social Security number has outlived its usefulness,” Rob Joyce said Tuesday at The Washington Post’s Cybersecurity Summit. In the wake of the Equifax security breach, the White House is looking for safer ways, based on newer technology, to verify Americans’ identities. “It’s a flawed system that we can’t roll back after a breach,” Joyce said. Equifax hackers gained access to the Social Security numbers of more than 145 million Americans in a recent breach, The Hill reported.


Israeli Firm Offering WiFi Interception Service to Law Enforcement Agencies
Now it is time to welcome a new entrant at the Israeli digital mafia spectrum called WiSpear. It is a firm that is focusing on capturing the Wi-Fi interception domain of the market. It is a technology that is in great demand nowadays, and every state-owned institution including intelligence agencies, law enforcement, and military agencies pay hackers to infiltrate the networks of their targets.


HHS’s New 5-Year Strategic Plan Includes Cyber Goals
Overall, the privacy and security objectives outlined in the new HHS plan sound similar to themes in the more detailed IT strategic plan that was released in March. Top goals of that IT plan include protecting critical systems and data; improving the security and privacy posture of data and information systems; effectively preventing, monitoring and rapidly responding to emerging threats and vulnerabilities; and prioritizing cybersecurity investments through a risk-based approach.


Stay up to date on the Public Sector Information Security news that you need to know by signing up for our Public Sector Briefing Here.


Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.