Cybersecurity keeps county IT staff busy

Systems face same issues as others locally, council told

By Jake Thomas, Columbian staff writer

Published:

 

When it comes to keeping its information technology systems secure, Clark County has many of the flaws typical of other local governments and business entities, IT staff told the county council at a work session on the topic Wednesday.

During the session, Sam Kim, Clark County’s chief information officer, mentioned how cyberattacks are becoming increasingly common. He referred to cyberattacks on hospitals, local governments, as well as on large companies such as Target and Home Depot, where customers’ personal information was stolen. He also mentioned an incident at the Port of Vancouver where someone used its guest Wi-Fi during a public meeting to attack the network, preventing anyone from viewing its proceedings online.

“You would think, ‘Hey, why hasn’t Clark County been hit yet?’ ” said Kim. “Well, Clark County had been hit.”

Kim said that 10 years ago, Clark County was hit with a notable cyberattack on its website. Speaking after the meeting, Kim said that the attack resulted in the county’s website being defaced, with the county logo removed. While he said the incident could have been worse, he said the county’s response was “don’t worry about it,” when it should have set off alarm bells.

Marlia Jenkins, administrative services manager, said that now the county’s IT department routinely responds to incidents of possible attacks or malware. She said IT workers will disconnect a possibly infected machine to prevent malware from spreading to the network. Sometimes she said that the machines are just malfunctioning and likened the situation to having frequent “fire drills.”

“The better we get, the more we find,” she said.

During the work session, Jenkins said that two audits found the county was “pretty typical” of other local governments when it came to cybersecurity. She said that the most recent county budget funded a cybersecurity team and there are efforts underway to better train county employees to keep the network secure.

While Kim wouldn’t get into details of what vulnerabilities exist in the county’s network, he said one growing problem is so-called phishing scams, where someone sends a malicious email disguised as a legitimate message that’s intended to gain access to a network or other sensitive information. He said phishing emails are looking more official and convincing all the time.

Spencer Bauman, a county IT security specialist, said that even when an organization puts its best foot forward it still is sometimes not enough. He said that employees accessing the county network remotely can create vulnerabilities as well as improperly configured devices. He also said that outside vendors could also introduce vulnerabilities.

Kim pointed to how the city of Henderson, Nev., was attacked with malware two years ago, resulting in the jail system not working for six weeks. He said the city discovered the malware in nine days. He said it typically takes 250 days for malware like that to be discovered. But, he added, “We know from the IT world that milliseconds count.”