With the September penetration of the Dallas County Courthouse by state-hired hackers and the December downing of the city of West Des Moines’ computer network fresh in their minds, the Dallas County Supervisors took up the question of digital security at their Jan. 7 meeting and discussed options for strengthening the county’s defenses.
“It’s a scary world,” Dallas County Director of Information Services Todd Noah told the supervisors. “We have been a target, and we’re going to continue being a target.”
Noah said the county’s network servers endure hundreds of attempted hacks every day from evildoers both within the U.S. and from overseas countries, such as Russia, China, Ukraine, Turkey, Pakistan, Kenya, Moldova, Indonesia and many others.
Noah was joined by Dallas County Senior Applications Analyst Rachele Lande in outlining for the supervisors some options for reducing risk to the county’s information system. Their department’s proposed budget for fiscal year 2021, for instance, includes software upgrades and cloud-based backups that promote system security.
Beefing up the county’s cybersecurity insurance is also an option. Bradley Bengston, risk management specialist with True North Companies, told the supervisors Jan. 7 that the county’s policy with the Iowa Communities Assurance Pool (ICAP) currently provides $250,000 in insurance against “cyber breach,” and that coverage could be increased to $1 million for an additional $3,500 premium.
“ICAP will only go up to $1 million,” Bengston said. “If we decide that we want to have more than that, we would need to go out to the insurance marketplace to find the quotes for that. There’s plenty of companies that would write it, and I can get quotes for that to see what it would be to go to $2 million, $3 million, $5 million, $10 million — to give you guys a better idea.”
Even the Jan. 3 assassination of the Iranian General Qasem Soleimani and Iraqi mujahideen Abu Mahdi al-Muhandis by a U.S drone strike could have repercussions for Dallas County, according to Bengston, who said “a big virus” could be launched as part of the Iranian response to the U.S. aggression.
“I’ve got some warnings around this stuff with Iran and some of the stuff that they’re doing,” Bengston told the supervisors Jan. 7. “New York specifically sent out some warnings to regulated industries around being on the look out for this type of stuff.”
Election tampering is also a risk. Noah said he has already seen “spikes in attempts” to penetrate the county’s election system due to Iowa’s prominence as a caucus state. The U.S. Department of Homeland Security confirmed 21 states had their election systems hacked by Russia in 2016 and later said they believe all states were targeted to varying degrees.
Democrats in the U.S. House of Representatives passed several election-related bills in 2018 and 2019, including a sweeping ethics and election reform measure, but the bills have stalled in the GOP-controlled U.S. Senate.
Noah said recovering from a thoroughgoing attack would be very costly — involving some 300 computers and 60 servers.
“A perfect example is what West Des Moines is going through now,” Noah told the supervisors. “Whatever hacked them or got to them was probably sitting in their system for months, just waiting to be triggered or for someone to trigger it. So then your backups have been affected at that point, so really what you need is something completely off site and not even connected with your network for backup. At some point, you’re doubling your costs by creating an environment here and then recreating it somewhere off site. Is that overkill? So you’ve got to weigh those costs and those decisions.”
Lucinda Stephenson, public information officer with the city of West Des Moines, told ThePerryNews.com Jan. 9 that the city had largely recovered from the Dec. 9 attack, when the West Des Moines information system managers “noticed that we were having some issues that appeared to be malicious.”
To minimize the extent of the infection, the city “shut the entire system down,” Stephenson said. “Then we had to put various workarounds in place for all the different operations. So I think people were emailing us, but we weren’t responding because the email system hadn’t been brought up yet.” All systems have now been restored, she said.
Following the cyber attack, city officials “had some discussion with local law enforcement officials and the FBI,” Stephenson said, “and we also notified our cyber insurance carrier, so it’s proved to be very beneficial that we do have insurance for this type of thing. Our insurance was fine, but any entity with computer systems should always be looking at what they can do to protect themselves. It’s tough because it’s always changing, so one solution today might not be what you need a year from now or six months from now. So that’s definitely going to be part of what we will be doing and have been doing.”
The supervisors took no action but agreed to return to the subject at a later date.
Unless WDSM had their USB ports locked down, my bet is an employee connected a USB drive to their computer and introduced the bug.