Attack puts agencies out of site

GSA shuts down California domain after hacker incidents

Backup plan keeps one agency up and running

As some of California's state Web sites sank into the ocean earlier this month ' virtually speaking ' at least one state agency proved the value of having an emergency plan.

The California Air Resources Board, whose site is at, used a backup site hosted on a free domain separate from the site. ARB's employees were notified of the domain shutdown by e-mail and instructed to use the temporary backup site. The agency's Web site and e-mail stayed operational during the crisis.

ARB's 'quick and dirty' operational recovery solution was to create a temporary Web site outside the domain, which was also outside ARB's information technology infrastructure, said Bill Welty, ARB's chief information officer. Visitors who typed in the agency's URL were redirected to the backup site.
The agency has had the backup site for more than a year. It's easy to update and maintain and is 'relatively rich in functionality,' Welty said. In an emergency that requires IT personnel to recover mission-critical systems, non-IT staff can update the temporary Web site. Employees can access the Web site from anywhere and be kept informed of assignment changes and breaking news.

'We've always believed in spreading the risk of disruption, including taking advantage of low-cost social-networking solutions,' Welty said.

He also advised agencies to create dark accounts for key employees on Yahoo, Gmail or other services to be activated in an emergency. Or use the temporary Web site and have employees register their personal e-mail accounts ' almost everyone has at least one nonwork e-mail address. The resulting file could be turned into a listserv directory, creating a temporary e-mail network environment, Welty said.
These might seem like simple fixes, but they work, Welty said. 'No emergency procurement required. User training is minimal, and ongoing maintenance is limited,' he said. 'Best of all, they cost very little.'
' Trudy Walsh

Some of California's state Web sites vanished temporarily early this month as the federal General Services Administration tried to limit the impact of a hacker attack.

GSA closed down the domain for more than seven hours after someone ' the perpetrator hasn't been caught ' hacked into the Transportation Authority of Marin's Web site at and redirected some of the links to pornographic Web sites.

Officials at GSA, which manages all .gov domains, noticed the links Oct. 2 and promptly pulled the plug on all Web sites with a address.

GSA sent an e-mail to a technical employee at California's
Department of Technology Services around 11 a.m. PST, said Jim Hanacek, acting deputy director at DTS' policy and planning division.

The California employee, who is responsible for routine Web events but nothing as urgent as a statewide domain shutdown, didn't see the e-mail until around noon.

Alarmed, DTS officials activated the department's emergency operations center at about 2 p.m., Hanacek said.

GSA gave the green light again to the domain at around 5 p.m., and the systems were back to normal by 7:30.

The majority of California's Web sites didn't suddenly go dark; it was more of a rolling brownout. 'There were isolated difficulties exchanging e-mail between agencies and isolated cases of Web sites being inaccessible,' Hanacek said.
One of the challenges was managing the coast-to-coast communications necessary to resolve the problem. California was just starting to figure out the scope of the problem when GSA employees in Washington were heading home.

Luckily, there was no threat to confidential or sensitive information during the domain outage, Hanacek said.

GSA officials agreed to notify California before making significant changes in the future, Hanacek said.

In a statement, GSA apologized for 'any inconvenience to the citizens of California. ...The potential exposure of pornographic material to citizens ' and tens of thousands of children ' in California was a primary motivator for GSA to request immediate corrective action.'

Problems persist, however, for the Marin transportation Web site. The site was hit with another hack attack the weekend of Oct. 6, and Marin officials decided to shut it down Oct. 10.

At press time, the Web site displayed a notice saying it was down for maintenance.
The Marin Transportation Authority's executive director, Dianne Steinhauser, was contacted by e-mail and declined to comment at that time.

About the Author

Trudy Walsh is a senior writer for GCN.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected