


The experiences of Georgetown and Lexington counties in dealing with cyber attacks, the lessons they have learned, and recommendations for other counties to protect themselves. It includes insights from IT directors, public information officers, and emergency services directors.



52 FALL 2021
By W. Stuart Morgan III
Counties are attractive targets for hackers, and they are under attack! After Georgetown County sustained a ransomware attack on January 20, the county worked hard to recover until receiving a clean bill of health 52 days later. Threatened by a growing number of cyber attacks in recent years, Lexington County continues to work hard to avoid one. Both counties have learned lessons worth sharing.
Lessons Georgetown County Has Learned
“Our county’s cyber intrusion event occurred over the weekend when someone opened an email attachment,” recalled Seth Housand, IT Director, Georgetown County. “The email itself did not set off any red flags within the email security filter at the time nor did it have any key indicators such as misspelled words, a strange email address or sense of urgency that you often look for in phishing emails.

“The only exception to that email was its attachment,” Housand added. “Once that attachment was opened, its malicious payload was delivered. We became aware of the intrusion three days after the attack when alerts began and red flags went up because a server was rebooted off schedule and its services stopped. Upon investigation, we found a ransom note and all data had been encrypted.”

That cyber attack destroyed all of Georgetown County’s computer systems, and halted all of the county’s virtual operations requiring Wi-Fi. The county paid a $10,000 deductible on its cyber attack insurance policy, which helped replace computer equipment. County Council also voted to approve a general fund increase of $140,000 to help pay for necessary network upgrades.
Seth Housand, IT Director, Georgetown County
Jackie Broach, Georgetown County PIO
Jackie Broach, Georgetown County Public Information Officer (PIO), said hackers tried to gain access to county records, most of which were already public record. But they did access the social security numbers of about 50 county employees in one department that were stored on a computer, and some of the county’s bank account information that was outdated and no longer used.

Georgetown County’s leaders recognized that the attack would affect the public and county employees, and the importance of messaging immediately after the attack.

“Our initial media statement went out early Monday morning, January 25, once initial stages of the investigation were conducted over the weekend,” Broach said. “The wide-ranging media interest in the days, weeks and months following the attack was more than a little surprising. Media interest was immediate, and the public had questions about how this could impact them and whether any of their private information was compromised.
COUNTY FOCUS 53
“My primary responsibility was to answer questions on how the cyber attack would affect the public, and to respond to the concerns of the public and media,” she added. “After notifying county leadership, law enforcement and our county’s cyber insurance company, I needed to tell the public what I could and be as honest and as transparent as I could about it.”

Communicating externally with the public was one thing, but communicating internally with county staff was another, according to Broach. Communication internally was significantly more difficult. The county’s administrative services/HR director set up regular virtual conferences on GoToMeeting every Monday, Wednesday and Friday morning to update departments on the latest developments. Communication was conducted virtually with department heads and other key county personnel until the county’s computer systems were up and running again. Gmail accounts were set up and used for two weeks immediately after the cyber attack while the county’s email system was inaccessible.

“The most difficult part about messaging following a cyber attack is figuring out how to answer questions when you are still trying to determine exactly what has been compromised,” Broach said. “Because a huge part of my job is to be ready to communicate during disasters, such as hurricanes, and our county’s cyber attack was very similar to that, my files were backed up, and all my equipment was mobile. So, I was able to grab my stuff, move to the Emergency Operation Center (EOC) and keep working.

“The biggest issue for me was that I couldn’t access my email,” she added. “But I used the Gmail address, which was set up for county use, and used that account to send out the initial news release to let people know that they could use my Gmail address to contact me for the foreseeable future.”

Brandon Ellis, Director of Emergency Services, Georgetown County, facilitated the operation of the county’s EOC after the cyber attack, and coordinated with emergency services agencies operating under the EOC umbrella. He also helped allocate emergency/disaster resources and coordinate with county leaders as they dealt with the attack. Georgetown County’s experience and approach to managing events like major floods, hurricanes and COVID-19 helped the county respond effectively and efficiently to the cyber attack.

“The all-hazards approach to our planning process allows our emergency response plans to be applicable to any and all emergency situations,” Ellis explained. “In addition to our comprehensive emergency operations plan, which has a detailed appendix specifically for cyber incidents, we were also able to leverage our continuity of operations plan and our logistics plan to ensure that government operations continued while our county network was basically unavailable.

“Typically, during an emergency,” he added, “our county’s IT
Brandon Ellis, Director of Emergency Services, Georgetown County
There is nothing quite like suffering a cyber attack to make you rethink your county’s plans and procedures for handling one. Just ask Brandon Ellis, Director of Emergency Services, Georgetown County. He learned some lessons after his county sustained a cyber attack earlier this year that he believes could help other counties prepare for a cyber attack as well as any other catastrophic emergency or disaster. Ellis emphasized that it is important to:

“Be Flexible. Staff members get in a routine and they enjoy technology when it is working. When it’s not, they don’t handle the situation as well. We were constantly preaching to our staff to be patient and be flexible. As we worked through the process we had to identify alternative methods to accomplish normally simple tasks. As systems came back online, they did not operate as fast as they may have previously due to added protection and scanning mechanisms.

“Have a Backup Plan in Place and Know What It Is. We have a very comprehensive continuity of operations plan (COOP) that each department reviews, updates, and contributes to annually. The first option was to activate this plan to continue operations but it was quickly identified that the information therein was not completely up to date for all departments. As we waded through this information and encountered challenges along the way, we successfully worked through them but our efficiency in navigating these issues and deficiencies would have been much better had we been provided the right information in the plan. The point: Review your plans and update them when requested. We do this so that the guesswork is out of the picture when an emergency occurs.

“Have Backup or Alternative Systems. We quickly learned that our emergency management department housed the majority of available surplus laptops, mifi devices, and cradlepoints within the county. We were able to manage the distribution of these resources to other departments using our resource allocation and tracking processes that we utilize for every other major emergency situation, and with great success.

“Build Relationships. From our emergency planning and coordination initiatives, we were fortunate enough to have some of our partner agencies from outside of county government immediately reaching out to provide assistance and resources. These relationships are based on years of great coordination and team building, and is a true testament to our whole community approach to emergency planning and response.

“We must approach every situation with an open mind and be willing to learn from it,” Ellis said. “As a county, I think that we successfully did that after we discovered holes in our plans and procedures for handling a cyber attack when we suffered one earlier this year.”
How to Prepare for a Cyber Attack
Lynn Sturkie, Lexington County Administrator
years, and it continues to be threatened despite the county’s best efforts to protect itself against cyber attacks. But Lexington County is not alone.

“More and more, county governments are becoming targets of ransomware and other threats,” Sturkie said. “If you have email, Internet or utilize cloud services, there are constant risks of threats from both outside and inside your organization. So, it is important to remain vigilant about security, and to train your staff members how to recognize suspicious activity and how to prevent cyber attacks. Your staff is your best alert system, and security awareness is best fought with education and awareness.”

Lexington County provides structured training for all county employees to heighten their awareness of threats, and the appropriate actions they need to take to guard against them. Employees are required to take this training and retake it whenever necessary, and new employees are encouraged to take the training within the first week after they begin working.

Sturkie said counties need to be protected against external and internal threats. Staff members must also be able to access their information freely, but unauthorized persons should not be able to review, change or delete county information.

Lexington County has a Technology Services team that uses a number of approaches to secure data and systems from cyber attacks, including:

• Staff education and training to prevent breaches and reduce the number of computer viruses;
• Deployment of software and hardware to detect and eliminate viruses and malware while allowing and monitoring authorized access;
• Vulnerability scanning;
• Internal and external penetration testing by a third-party provider; and
• Annual testing of recovery procedures ensuring our capabilities to restore systems and data.

Sturkie recommended that county administrators support their technology teams if they have one, or create and support one if they do not. He also recommended that they use resources and services offered by other government organizations, and understand that they are not alone. There are many resources available to help protect county computer systems and data.

For a county to be sufficiently protected against cyber attacks, Sturkie said that it is important that: