Cyber attacks that hit some state agencies in Georgia earlier this summer continue to ripple through the system, particularly for law enforcement and the courts.
Meanwhile, security officials work to boost software safeguards and train thousands of employees to avoid triggering future attacks.
Over the course of a month starting in late June, three separate ransomware attacks struck the state’s courts, emergency management and the Georgia Department of Public Safety. The blitz came amid a wave of cyber hacks on local and state governments across the country, heightening concerns among officials and experts over the vulnerability of critical security infrastructure.
Since then, Gov. Brian Kemp has required every state employee in Georgia to complete mandatory cybersecurity training or face consequences “up to and including termination,” according to an executive order he signed on Aug. 13. The Georgia Technology Authority, which oversees cybersecurity in state government, has prodded several agencies to reconfigure their online firewalls and back up their files more regularly.
“We’re trying to bring them up to speed on what good cyber hygiene looks like,” said David Allen, the state’s chief information security officer. The Georgia Technology Authority also is working with the state’s $100 million Cyber Center in Augusta to provide employee training.
The pain is still felt at a couple of state agencies where employees opened emails months ago that unleashed trouble.
Writing crash and arrest reports by hand has been the order of the day for Georgia State Patrol officers since July 26, when a ransomware attack knocked out the agency’s main server. Any reports or citations logged before then as far back as 2009 will remain inaccessible until tech staffers finish scrubbing all of the 1,667-person agency’s electronic devices, said State Patrol spokeswoman Lt. Stephanie Stallings. It’s not certain when the main server will be brought back online.
“It has really put a damper on a lot of things,” Stallings said Friday. “We’re still doing our job, but it’s just very antiquated.”
Some older software programs run by the state Administrative Office of the Courts were so corrupted after a June 28 ransomware attack that they’ve been scrapped for good. And an encrypted shared drive that holds a trove of records and data is still being rebuilt after the attack, the courts agency’s assistant director, Michelle Barclay, said by email Friday.
The Georgia Emergency Management and Homeland Security Agency weathered the hacking storm with fewer complications. The agency’s existing software protection managed to pinpoint and isolate a ransomware attack on July 5 before it could invade key systems, GEMA spokeswoman Lisa Rodriguez-Presley said Friday.
All Georgia government agencies should instruct employees not to open suspicious emails or documents, said Greg White, the director of the Center for Infrastructure Assurance and Security at the University of Texas at San Antonio. They should patch their security systems and make sure they maintain regular off-site backups separate from main servers, he said. Agencies also need to maintain comprehensive cybersecurity insurance that covers all types of attacks.
“Make sure all your current defenses are up to date,” White said. “There’s really not too much you need to do to be in a fairly good security posture … but you’ve got to set the policy and you’ve got to stick to it.”
Georgia agencies that fell prey to ransomware attacks are taking many of those steps. The Administrative Office of the Courts plans to buy cyber insurance and recently contracted with Amazon for cloud-based network data storage, the office’s director, Cynthia Clanton, said at an Aug. 26 hearing. The state patrol recently installed new protection software on its servers and all smaller devices, Stallings said.
On top of the mandatory training, some agencies are testing employees to see if they’ll fall for an email ransomware trick. The Georgia Public Service Commission, which oversees utility regulations, sent out fake phishing emails last month that duped three employees. The emergency management agency plans to send out test emails soon, spokesperson Rodriguez-Presley said.
Kemp’s Aug. 13 order also revives a state cybersecurity review board that will audit agencies to determine whether their employees are properly trained.
The job of ensuring state agencies follow security protocols falls largely to the Georgia Technology Authority, which manages security services that cover about three-fourths of the state’s employees, said Allen, the information security chief. Some smaller agencies that self-administer security programs will now receive more hand-holding on performing routine activities like backing up servers.
“Those (agencies) that need a little extra help, we’re trying to identify where that is and give them a little more guidance to increase their security posture,” Allen said. “If you’ve got a clean environment to restore from, you can get up faster.”