Ukraine war puts US cities, states on cyber alert

Getty Images/sarayut Thaneerat

 

Connecting state and local government leaders

States are blocking Russian IP addresses and running through scenarios to streamline cyberattack response and network lockdown procedures.

President Joe Biden this week urged U.S. companies to be on high alert because of “evolving intelligence” that Russia is exploring options for potential cyberattacks against critical infrastructure targets.

Even before Biden’s warning, state and local governments were busy shoring up their cybersecurity in response to the Russian invasion of Ukraine and the elevated threat of cyberattacks targeting the United States.

Nearly two weeks before Russian troops poured over the border, the U.S. Cybersecurity and Infrastructure Security Agency issued a “Shields Up” warning about the growing threat. It advised every organization, including state and local governments, to “adopt a heightened posture” and be prepared to respond to disruptive cyber activity.

The federal agency offered guidance on steps to take, including updating software, testing backup procedures and ensuring that manual controls are available.

On Feb. 24, the day of the Russian attack on Ukraine, New York Democratic Gov. Kathy Hochul said at a news conference that her state was “on heightened alert with respect to cybersecurity and our own defenses.”

Just days before, Hochul had announced the creation of a joint cybersecurity operations hub in Brooklyn to coordinate between the state, major cities, local and regional governments, critical infrastructure businesses and the federal government. The hub will address threats and deal with cyber incidents.

In Colorado, Democratic Gov. Jared Polis signed an executive order on Feb. 24, directing the Office of Information Technology to identify and focus resources on protecting critical state infrastructure from Russian cyberattacks.

The following day, Texas Republican Gov. Greg Abbott ordered state information technology and public safety officials to make sure cyber incident response teams are ready and that a potential cyber intrusion can be quickly detected through antivirus and other software.

He also mandated that officials track and report to the public any attacks from Russian sources.

And last week, North Carolina Democratic Gov. Roy Cooper signed an executive order establishing a joint cybersecurity task force comprised of state information technology, emergency management, National Guard and local government members.

“Geopolitical events like Russia’s unlawful invasion of Ukraine can lead to an increase in cybersecurity threats and attacks,” which can affect the delivery of essential services to North Carolinians, the order says.

In Connecticut, Chief Information Security Officer Jeff Brown said in an interview with Stateline that the state has been “very aggressively” blocking IP addresses coming from computers in Russia. An IP address is a unique series of numbers that allows computers to send and receive data over the internet.

“Why would someone coming into our system from a computer in Russia have any need or reason to be looking at the state of Connecticut?” Brown said. “We aren’t allowing their internet traffic through.”

Connecticut also has been running through “scenario planning” to figure out what could happen if there is a cyberattack and the state had to lock down its network, he added.

“When you’re talking about a nation-state actor with people who are trained all day every day to break into networks, they’re a very formidable adversary,” Brown said. “It’s difficult to defend against that.”

While there is no reason to believe that Connecticut is being threatened, Brown said, he worries about all the services the state oversees, such as transportation and health care, that could be affected in a cyberattack.

In Colorado, cybersecurity officials have increased the monitoring of their systems, said Tony Neal-Graves, the chief information officer and executive director of the Office of Information Technology.

“Everything that’s gone on in the Ukraine and Russia brought this all to the forefront,” Neal-Graves said. “We’re collecting additional data and logging that information and sorting through it. If we see something, we need to err on the conservative side and report more than we normally would to the feds.”

While Colorado has seen no credible threats so far, Neal-Graves said he is trying to make sure that his agency has systems in place to protect not only the 30,000 people employed by the state but also the public.

Since Russia’s attack on Ukraine, the Multi-State Information Sharing and Analysis Center, a federally funded group that helps state and local governments prevent and respond to digital threats, also has boosted its efforts, said Randy Rose, a senior director. The group sent information to every state about ways to take defensive actions.

But states shouldn’t just focus on Russia, Rose noted, because other cybercriminals and “state actors” may attempt to take advantage of the increased focus on Russia “to slip in unnoticed.”

Connecticut’s Brown likewise said he’s concerned that a group not connected with Russia could find a vulnerability in the state’s computer network and exploit it.

“There are other attackers, and we need to not get distracted with a single adversary,” he said.

Earlier this month, Mandiant, a cybersecurity company, discovered that a hacking group linked to the Chinese government had compromised and stolen data from at least six state government networks between May 2021 and February 2022.

Many local governments also are trying to beef up their cyber defenses, said Alan Shark, executive director of the CompTIA Public Technology Institute, a Washington, D.C.-based nonprofit that provides consulting services to local governments.

City and county governments also are making sure they’re checking for phishing, looking closely at all the spam coming through and reminding employees to be more mindful when they open emails, Shark said.

He said local governments are seeing a slight uptick in probes from Russia and Eastern Europe in the last several weeks.

“Until this horrific invasion, the biggest threat everyone had was ransomware,” he said. “Now people are worried about government-owned facilities. The alert level has gone up. They’re worried about water treatment plants, utilities, other municipal services.”

Ransomware typically spreads through phishing, in which hackers email malicious links or attachments and people unwittingly click on them. Malware then hijacks the victim’s computer system and holds it hostage until the victim either pays a ransom, usually with the cryptocurrency bitcoin, or restores the system on their own.

In May, a ransomware attack by a cybercriminal group that operated out of Russia forced the shutdown of the Colonial Pipeline, sparking panic buying and gas shortages along the East Coast.

And in February 2021, a hacker got into the city of Oldsmar, Florida’s water treatment plant computer system, boosting the level of sodium hydroxide—or lye—in the water supply to 100 times higher than normal.

“The big fear is what happens if our utilities no longer work?” Shark said. “What if we aren’t getting clean water or what if public safety communications are knocked out? It’s infrastructure that keeps the city or county alive.”

Shark said local governments not only need to make sure their systems are up to date with the latest cyber software but also to have a plan if their network goes down.

“What are the backup communications among staff? How can we come up with services?” Shark said.

While local governments are looking forward to getting at least 80% of a new $1 billion federal cybersecurity grant program that will be distributed to states beginning later this year, it won’t help them improve their defenses against a possible Russian cyberattack now, Shark noted.

Aldona Valicenti, a commissioner and chief information officer for Lexington-Fayette Urban County Government in Kentucky, said local governments need to heed the federal cybersecurity agency’s advice about ways to beef up their protection in light of the Russian attack.

“We’re telling our people to be much more vigilant, to be alert to things that come from the outside. Don’t click on stuff if you don’t recognize it,” she said. “We’re monitoring IP addresses all the time.”

This article was first posted to Stateline, an initiative of The Pew Charitable Trusts.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.