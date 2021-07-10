Ransomware, cyberattacks, infrastructure targets, utility disruption; these topics were the subject of movies and dramatizations just a few years ago, and are now part of the nightly news and newspaper headlines. The use of computer software to cause financial harm and interruption to activities of daily life is being perpetrated by individuals and organizations both domestically and internationally.
According to INTERPOL, the rate and type of cyberattacks has shifted from targeting “individuals and small businesses to major corporations, governments and critical infrastructure.”
Tewksbury was the victim of a ransomware attack in 2015 when cybercriminals hacked the police department system and demanded payment to restore access to the department’s data. After finally agreeing to pay $500 to an anonymous hacker, the department was able to resume operations.
Municipalities across the country have fallen victim, as have thousands of small businesses. Yet, the attacks, scaled up now to include the largest US pipeline in May, crippled service from a company that transports more than 100 million gallons of gasoline and other fuel daily from Houston to the New York Harbor.
In fact, this Fourth of July weekend, businesses across the country had their networks compromised when their Keseya software systems were infiltrated by what is believed to be a Russian hacking group known at REvil. This may be the largest cyberattack to date according to experts.
During a cyberattack, which is a computer-based breach of data systems, personal information of customers or employees, and/or intellectual property proprietary to corporations, is accessed or compromised by external actors.
Tewksbury selectman James Mackey is keenly aware of the threats, working as a cybersecurity professional and also teaching about cyber threats as part of his Army National Guard service. New England National Guard members recently came together for a program, dubbed Cyber Yankee 21, to participate in simulated cyberattack scenarios at Camp Edwards in Mashpee.
The National Guard Defensive Cyber Operations companies are trained and geared to support the Marine Expeditionary Force Information Group, Marine component headquarters, or a combined/joint task force headquarters in order to enable and enhance the warfighting abilities of a commander, according to the Defense Visual Information Distribution service.
As part of this year’s Cyber Yankee training, the guard spent two weeks simulating a cyberattack similar to the one that brought down the Colonial Pipeline. The exercise not only focuses on the technical side of operations, but works on collaboration between multiple entities, a key component of cyber defense strategy.
Mackey said municipalities should be thinking about steps they can take to protect resident data and local infrastructure.
“The federal government,” said Mackey, “has devoted large amounts of resources to building and developing cyber threat detection and response capabilities. More recently, the states have started to devote more resources to the same. Sadly, municipalities are behind the curve.”
Experts say the public sector is especially vulnerable because governments tend to have outdated computer systems, and they maintain crucial, sensitive data. Exercises such as Cyber Yankee 21 are valuable not only for the support that the military services can bring to help unravel a cyber threat event, but it also spreads knowledge to service members when they return to their civilian positions and are able to share their expertise.
Said Mackey of how communities can protect themselves, “At a minimum, municipalities should be implementing basic security policies and procedures and working to identify resources for local threat detection and response.”
