Vice President Mike Pence on Tuesday mentioned Finney County’s computer network issues during the Department of Homeland Security Summit, using it as an example of how government at the local and state level can work together to safeguard against potential election issues and cyber attacks.
Pence said during the summit that the DHS has been working to help state and local governments rapidly respond to cyberattacks.
“Less than two weeks ago, Finney County, Kansas, reached out to DHS for help after a malware attack forced them to shut down not just their election network, but the entire county’s network. Federal officials worked earnestly, hand-in-hand, with county officials to identify and ultimately eliminate this dangerous intrusion,” Pence said during the summit. “This action was a model of the collaboration that we need to ensure the security of our elections, and we commend the state, and local, and federal officials that made it happen.
Finney County Clerk Dori Munyan said on Thursday that there have been zero issues with election work over the course of time that the county has been experiencing computer network issues.
“You know, it pains me to say it, but it’s not true,” Munyan said of Pence’s comments regarding the county. “There was no election network shutdown.”
DHS officials told the Kansas News Service that state and county information and networks had not been impacted, and that there was no evidence that the malware attack had spread to other locations, or leaked information.
“To date, there are no indications that any citizen’s personal information was impacted,” a DHS official wrote in an email to the Kansas News Service.
According to Finney County officials, the county’s IT department previously discovered and addressed potential threats on individual computers. When the threats began piling up faster than they could be addressed, the county shut down the network on July 12 to isolate the threat. When IT believed the infection to be contained and cleaned, the network was brought back online July 13, after which the virus spread again to once-clean devices, according to the county.
Because of backups and other precautions, county officials stated previously that they were, “confident that our data has been completely protected by this network shutdown.”
The county identified the cause of the malware as a “malicious attack” to a computer outside the county’s private network.
“We do not consider this a direct attack on Finney County. A malicious email attachment or link was received and clicked on,” Sarah McClure, county communication specialist, said Friday. “We acted quickly by taking appropriate and successful steps to protect our network and data, and bring our network back up as quickly as possible. As part of that process, we successfully cleaned our network of any infection. We continue to monitor for any threats, and we have implemented additional user training to help minimize vulnerabilities.”
Because of the attacks, the county IT department requested assistance from the Department of Homeland Security Incident Response Team and Trend Micro, a locally installed anti-virus software company.
Less than a week later, after the county thought the issue was resolved, an attack happened again, which resulted in various county departments closing or not providing services.
The health department could not see patients for a short period of time, the motor vehicle department was offering limited services, and all six counties of the 25th Judicial District (Finney, Greeley, Hamilton,Kearny, Scott, and Wichita) closed courts for a period of time due to the network shutdown.
As of July 24, the motor vehicle department and the treasurer’s department have been operational, McClure said.
The health department began seeing patients again last week for limited services that they could provide on paper.
“Starting Monday, July 30, the health department began seeing all patients and walk-ins, with the exception of immunizations,” McClure said. “We are actively working to reconnect with the state to make this service available as soon as possible.”
County officials said previously they want the public to be aware that this virus did not originate in the county network and is not contained to the county network. Initial symptoms will be a computer lockup, so many small or individual citizen networks might attempt to restart their computer while their antivirus software may never detect an infection," McClure said in a previous press release.
The county also determined that the attack was a new virus and can easily pass undetected through many antivirus software.
“The virus is traveling though emails with attachments and links that look like they come from someone you know. Many of the email messages have said something like ‘This is your invoice,’” according to the county. “Users should not click on any links or attachments, as this will enact the virus. We encourage everyone to avoid unanticipated emails with links and attachments, and to have their computers cleaned for viruses.”
Munyan said the clerk’s office did notify the Kansas Secretary of State’s office about the network issues last month as required by the state, but reiterated that there were no issues with advance voting processes.
“Anytime something odd is going on, we have to let the Secretary of State’s Office know,” Munyan said, adding that advance voting began on time on July 18.
“We’ve been running daily since and have been very busy,” she added.
Advance voting ends at noon Monday, and can only be done at the clerk’s Office. Those wanting to vote after Monday can do so on the primary election day starting at 7 a.m. and through 7 p.m. at their appropriate polling stations.
Munyan said there should be no issues with advance voting or with elections come Tuesday.
If a resident who plans to vote on Tuesday comes across any issues, they should contact the county clerk's office by stopping by the office at 311 N. Ninth St., or by phone at (620) 272-3524.
Contact Josh Harbour at firstname.lastname@example.org.