
Texas Department of Information Resources

“Coordinated cyberattack” on several Texas cities

That doesn’t sound good.

Twenty-three Texas towns have been struck by a “coordinated” ransomware attack, according to the state’s Department of Information Resources.

Ransomware is a type of malicious software, often delivered via email, that locks up an organization’s systems until a ransom is paid or files are recovered by other means. In many cases, ransomware significantly damages computer hardware and linked machinery and leads to days or weeks with systems offline, which is why it can be so costly to cities.

According to a weekend update by the Texas DIR, the attacks started Friday morning and though the locations aren’t named, “the majority of these entities were smaller local governments.”

Texas Governor Greg Abbott ordered a “Level 2 Escalated Response” on Friday following the incident, according to a statement from Governor’s Office deputy press secretary Nan Tolson. This response level, determined by the state’s Department of Emergency Management, is part of a four-step response protocol, and is one step below the highest level of alert, level 1 or “emergency.”

According to the state emergency management planning guide, this means “the scope of the emergency has expanded beyond that which can be handled by local responders. Normal state and local government operations may be impaired.”

In addition to the state and local agencies assisting with the response, “Governor Abbott is also deploying cybersecurity experts to affected areas in order to assess damage and help bring local government entities back online,” Tolson said.

This NPR story has more details.

The Federal Bureau of Investigation and state cybersecurity experts are examining the ongoing breach, which began Friday morning and has affected mostly smaller local governments. Officials have not disclosed which specific places are affected.

Investigators have also not yet identified who or what is behind the attack that took the systems offline, but the Texas Department of Information Resources says the evidence so far points to “one single threat actor.”

Elliott Sprehe, a spokesman for the department, said he was “not aware” of any of the cities having paid the undisclosed ransom sought by hackers. He said the areas impacted are predominantly rural. The department initially put the number of cities attacked at 23.

Two cities so far have come forward to say their computer systems were affected. Officials in Borger, in the Texas Panhandle, said the attack has affected city business and financial operations. Birth and death certificates are not available online, and the city can’t accept utility payments from any of its 13,250 residents. “Responders have not yet established a time-frame for when full, normal operations will be restored,” city officials said.

[…]

Experts say that while government agencies have increasingly been hit by cyberattacks, simultaneously targeting nearly two dozen cities represents a new kind of cyberassault.

“What’s unique about this attack and something we hadn’t seen before is how coordinated attack this attack is,” said threat intelligence analyst Allan Liska. “It does present a new front in the ransomware attack,” he said. “It absolutely is the largest coordinated attack we’ve seen.”

Liska’s research firm, Recorded Future, has found that ransomware attacks aimed at state and local government have been on the rise, finding at least 169 examples of hackers breaking into government computer systems since 2013. There have been more than 60 already this year, he said.

The city of Keene, near Fort Worth, was also hit, and its mayor said the attack came via their IT provider, as these small towns outsource that task since they don’t have sufficient resources to do it themselves. This is a real problem that’s going to keep happening, and we really should put more money and effort into fighting against it at a state and national level. Good luck to all involved in cleaning up the mess. A more recent statement from the Texas DIR is here, and the Star-Telegram, the Chron, and the Trib have more.

In the cloud

Gotta say, this makes sense.

What do a warehouse in North Austin and a building at Angelo State University have in common? They hold trillions of bytes of data about some of Texans’ most sensitive information, including health and education records.

The Texas Legislature created the twin data centers in 2005 to consolidate disparate data management operations at dozens of state agencies. But since then, as government programs churned out more and more electronic information about health care, highways, public schools and other key services, the cost to operate the facilities has ballooned.

This session, lawmakers are considering an overhaul of how the state uses its data centers, with an eye toward private tech companies like Amazon and Microsoft that own private networks of remote servers known as a “cloud.” Proponents say hiring such a firm to be the official keeper of much of the state’s data could save millions of dollars and modernize vulnerable government tech infrastructure. But detractors say the current set-up is working fine and that any kind of structural change would be laborious, expensive and potentially risky.

A decade ago, it cost $278 million to run the centers over the state’s two-year budget cycle; under the current spending plan, it costs about $489 million to operate them.

“What can we do to try to reduce those costs?” state Rep. Giovanni Capriglione, R-Southlake, asked state information officers at a recent committee hearing. “Today there’s a lot of options in terms of what we can do with the data center.”

Though some lawmakers have bristled at the idea of private companies storing Texans’ personal information in far-flung locations, proponents of the reforms say data security will be at the forefront of any decision they make.

“We are not signing a contract with anybody until we have a chance to find out what’s really going on here,” said state Sen. Jane Nelson, a Flower Mound Republican who chairs the Senate Finance Committee. “The discussion about whether we do cloud and all that, we can have that discussion. I want to make sure — A, we’re protecting that information, [and] B, that we are keeping that information in Texas.”

Much of the data center debate this session has centered on a $1.5 billion deal that the Texas Department of Information Resources made with a French-headquartered company, Atos, to operate the facilities. In recent committee hearings, lawmakers have encouraged the agency to look at data storage options offered by cloud-computing service providers.

“I don’t understand why we’re so far behind here on this,” said state Rep. Donna Howard at a recent legislative hearing on data centers. The Austin Democrat noted that her city’s — and Texas’ — reputation as a tech hub doesn’t jibe with the state government still “doing Medicaid on Excel spreadsheets.”

[…]

Last week, Nelson filed a bill that would require state agencies to consider cloud-based storage options when creating new government software applications. Another bill, authored by Capriglione, would create a technology modernization fund that agencies could use to pay for a transition to cloud-computing services.

State agencies already have some authority to bypass the data center and hire outside companies for certain data management projects, but only if the agency gets permission from the Department of Information Resources.

In an interview, Capriglione said he had heard from state officials, whom he declined to name, who recounted their frustrations working with a state data center they said was expensive and cumbersome.

“Here’s the reality — anyone that’s looking at this has come to the conclusion that cloud-based technology is significantly more secure, more resilient, more future-proof, than any sort of in-house data center client service,” Capriglione said.

As someone who works in IT, I agree with Rep. Capriglione. It’s not magic and it’s not set-it-and-forget-it, but it is industry standard now, and not to move in that direction would be weird and almost surely more expensive in the long run. Texas doesn’t have a great track record with large IT projects, but a lot of that was driven by bad ideas about cost-saving. Both of the bills above seem like the right idea. If you’re not moving forward in IT, you’re stagnating.