ALBANY — In a recent incident that officials say illustrates the vulnerability of local government computer networks, the communications system of an upstate New York police agency was disrupted by a hacking attack.
The Schuyler County Sheriff’s Department, headquartered in Watkins Glen, had to get support from surrounding counties after the hacking temporarily crippled its 911 emergency system and ability to dispatch deputies to calls, said Peter Kehoe, director of the New York State Sheriffs’ Association.
Kehoe said such incidents “are a very big concern for us,” particularly since the disruption of a communications systems could severely impair a law enforcement agency’s ability to protect the public during a crisis.
The need for enhanced cyber security measures to counter attempts to breach networks often containing highly confidential and personal information stored on government computers has prompted the New York State Association of Counties to arrange a workshop on the issue at an annual conference it will hold in Syracuse from Sept. 13 through Sept. 15.
Officials say hacking attempts appear to be on the rise, with those targeting government networks often based in Russia, China or North Korea.
A memo circulated by Schuyler County Sheriff William Yessman Jr. last week described the hacking episode there as a “direct attack from a foreign country on our system,” coming from a computer that “kept trying various passwords until it accessed our system.”
The attack on the sheriff’s agency came within a week of the release of an Aug. 24 report that found that government computer networks are often more vulnerable to attacks than the systems of fast-food chains. That report, by SecurityScoreboard, a cyber security consultant, was based on an analysis of more than 500 federal, state and local government agencies.
“Once a hacker is inside the organization’s network, digital assets can be compromised or stolen outright, throwing operations into chaos,” the report warned.
The Center for Internet Security, based in the Troy suburb of East Greenbush, provides advice and support to hundreds of local and state agencies, with help from federal funding. The organization’s vice president, Brian Calkin, said he recommends that agencies keep all data stored on their networks backed up in computers that are not connected to their systems and are stored in locations apart from their base of operations.
Keeping intruders out has become even more important since the use of ransomware — malicious software used to prevent computer users from accessing data until money is paid to those who planted the virus — became part of the repertoire of some hackers in 2014.
“Ransomware has become the bane of our existence,” said Calkin, referring to those in the cyber security field.
Local government agencies often lack the funding to hire cyber security professionals, or, in the case of many upstate sheriff’s departments and county boards of elections offices, have to rely on the county’s information technology department to handle their needs.
“In the cyber security field, there are zero folks out there now who want a job and don’t have a job,” Calkin said in noting that government and other industries are recognizing the need to beef up on their security efforts.
Even a small vulnerability can lead to large problems for government networks, experts said.
Brian Pokorny, director of the Otsego County information technology department in Cooperstown, said his county network was compromised when a county employee’s smart phone was hacked through a technique known as keystroke logging. It allows a hacker to access user names and passwords for entering networks.
Pokorny said his department reviews the security of the county computer systems daily to make sure no hacker has intruded, and Pokorny said he has been in touch with the state Board of Elections in Albany to stay abreast of the latest concerns regarding voting data.
“The level of phishing attempts has increased dramatically in recent months,” he said. “We’re making sure our county employees are being vigilant when they open email to make sure they’re not sending information to people they don’t want to send information to.”