Earlier this month, Mandiant announced that it had responded to an intrusion by a Chinese-backed hacking group, APT41, that targeted a US state government computer network. The security company eventually uncovered a persistent effort that allowed the malicious hackers to compromise at least six US state government networks by exploiting vulnerable Internet-facing web applications using a zero-day vulnerability.
Mandiant was unable to determine the hackers’ motives, but said the intrusions were consistent with an espionage operation. The company also predicted that further investigation would reveal even more states whose agencies were affected by the effort.
These incidents underscore that state governments are just as attractive targets for malicious hackers as the federal government or any other organization, if not juicier ones. So it's no surprise that state governments are stepping up their efforts to strengthen their cybersecurity protections by launching task forces, hiring consultants, creating security centers and boosting spending on cybersecurity.
Recent State Cybersecurity Actions
The following significant statewide cybersecurity developments in the past six weeks point to this trend:
- New Mexico named a Senior Advisor for Cybersecurity and Critical Infrastructure: On March 18, New Mexico Governor Michelle Lujan Grisham announced the appointment of Annie Winterfield Manriquez, a senior leader at MITRE Corporation, as Senior Advisor for Cybersecurity and Critical Infrastructure. The governor's announcement cited the geopolitical situation in Ukraine, threats from foreign actors against state governments and warnings about possible Russian cyberattacks as factors in Manriquez's hiring.
- North Carolina Joint Cyber Security Task Force Established: On March 16, North Carolina Governor Roy Cooper signed an executive order that formally established the North Carolina State Joint Cybersecurity Task Force (JCTF), first announced in 2018. It comprises state agencies including Information Technology, Emergency Management, North Carolina Cybersecurity Task Force the National Guard and something called the Local Government Information Systems Association Cybersecurity Attack Team. The task force provides “incident coordination, resource support, and technical assistance to state and local government agencies and educational entities such as schools and universities that have been the target of significant cybersecurity incidents.”
- The Maryland legislature introduced a package of legislation to strengthen cybersecurity: Following the discovery of vulnerabilities in the state's cybersecurity system, the Maryland General Assembly on March 1 introduced a six-bill package to improve the state's cybersecurity posture. The bills would require the Maryland Department of Emergency Management to help local governments prepare for an attack, create the Local Cybersecurity Support Fund to help smaller governments upgrade their security systems, and establish a financing mechanism to modernize all legacy IT systems. The package would also centralize all IT systems across state agencies under the Department of Information Technology, require all state and local agencies to undergo annual security assessments, and create new offices to help local governments improve their cybersecurity systems.
- Virginia House proposed a $150 million cybersecurity budget: The Virginia House of Delegates submitted its version of the state budget in early March, allocating $150 million for cybersecurity initiatives over the next two years. Much of that figure, however, was already in then-Governor Ralph Northam's proposed budget in December in response to an "extremely sophisticated malware" attack that temporarily crippled state legislative agencies.
- New York created a Joint Security Operations Center: On February 22, New York Governor Kathy Hochul announced the creation of a Joint Security Operations Center (JSOC) in Brooklyn that will serve as the "nerve center" for joint local, state, and federal cyber efforts, including data collection, response efforts, and information sharing. The JSOC was described as a first-of-its-kind cyber command center that will provide a statewide view of the cyber threat landscape and improve coordination in threat intelligence and incident response. JSOC cybersecurity teams will leverage the resources of multiple organizations, including federal, state, city and county governments, critical businesses and utilities, and state entities, including the Division of Homeland Security and Emergency Services, the Office of Information Technology Services, the New York State Police, the MTA, the Port Authority of New York and New Jersey, and the New York Power Authority.
The wide range of state and local government services is a target for cyberattacks
These efforts highlight how state governments are an attractive target for threat actors. “US state government networks amass many different departments and critical infrastructure, such as state elections, transportation, and financial information that can be valuable to threat actors,” Rufus Brown, senior threat analyst, advanced practices at Mandiant, tells CSO.
Local jurisdictions also encompass a wide range of critical services that need protection from threat actors, Rob Main, the chief risk officer for the state of North Carolina, tells CSO. “Citizen services are provided at the lowest possible level in the municipalities,” he says. “A cybersecurity incident that affects the confidentiality, integrity and availability of any system or infrastructure that supports citizens has the most profound impact on the lives of North Carolina.”
The North Carolina JCTF, launched primarily to coordinate and receive reports of significant cybersecurity threats from local governments, will step in if these jurisdictions need help, says Main. “If the county, city or town does not have the resources to respond to and recover from an incident, the Joint Cyber Security Task Force is mobilized to put the boots on the ground in the affected entity’s jurisdiction.”
States can likely expect more attacks from organized threat actors, according to Mandiant’s Brown. “Nation-state actors like China and Russia continue to persistently target these state networks to gain access and achieve their goals through intelligence gathering,” he says.
“The variety of data within state government networks can serve a wide range of intelligence operations for nation-states. Financially motivated actors deploying disruptive malware such as ransomware can also add significant disruption and risk to US state government department operations when attacked,” adds Brown.
Whatever the case, North Carolina is prepared. “We are positioned to respond to cybersecurity incidents regardless of the threat actor or source,” says Main.
Copyright © 2022 IDG Communications, Inc.