A Kansas county is recovering from a cyberattack 13 days ago. Local governments are at risk, experts say.

Andrew Bahl
Topeka Capital-Journal
Pottawatomie County is still recovering from a cyberattack almost two weeks ago, underscoring the internet security risks local governments in the state face amid a national wave of attacks from hackers.

Pottawatomie County was hit with the attack on Sept. 17, officials say, with some of the county's computer systems encrypted by the hackers, making them inaccessible and shutting off some services.

“We are very limited,” County Treasurer Lisa Taylor told county commissioners Monday, the Wamego Times reported. “The driver’s license (system) is completely down, we can’t do taxes.”

The county said such services as EMS, police and fire haven't been impacted. Most other services are accessible in-person if residents drive to the county courthouse in Westmoreland, officials said. Federal and state law enforcement have been investigating the attack, the county said in a statement.

Becky Ross, the county's public information officer, said updated information wasn't available as of Thursday midday but that a meeting on the matter was set to be held later in the afternoon.

It isn't the first time Kansas counties have fallen victim to cyberattacks. In 2019, hackers defaced the websites of a half dozen counties, posting photos of Mecca, the Muslim holy city in Saudi Arabia, and messages such as "HACKED BY MUSLIM."

Nationally, such events have become more and more common, fueled by high-stakes ransomware attacks where hackers in effect lock computer systems and refuse to back down unless the governmental body pays a fee.

The Colonial Pipeline attack in May, which shut down a key pipeline carrying oil to the southeastern U.S., put the issue in the minds of many Americans as it caused a shortage of gasoline in some states. But local and state governments are equally vulnerable to these sorts of attacks, experts say.

Local governments remain at cybersecurity risk, experts say

At least 2,354 U.S. state and local government agencies, health care facilities and schools were impacted by cyberattacks in 2020, according to an annual report from Emsisoft Malware Lab, a firm handling information technology.

Alan Shark, executive director of the Public Technology Institute, a firm that supports city and county governments on IT issues, said that number is likely low, as breaches aren't required to be reported to any centralized agency and disclosure mandates often differ from state to state.

"We go to sleep at night. (Cyber criminals) don't — they are working 24/7," Shark said. "I grew up in Brooklyn, New York, and a long time ago my wonderful parents said, 'Crime doesn't pay.' And I'm seeing inside the cyber world that crime does pay."

Local governments often have aging IT infrastructure and limited staffing. Shark said training is frequently slashed for workers and that cybersecurity more broadly isn't always a priority for policymakers.

With more and more government services moving online, the quantities of personal information stored there can also make them an appealing target for hackers. Many cybersecurity breakdowns come via seemingly benign actions, such as when a staffer clicks on a link they shouldn't have and falls prey to a phishing scheme, or when someone leaves their password information out in a public area.

And some of the state's larger counties have especially large workforces and robust amounts of information online, putting them in a particularly difficult position.

"The needs for one county versus another county are going to be vastly different," said Jay Hall, legislative policy director and general counsel for the Kansas Association of Counties.

State, federal governments plan aid to help prevent attacks

Gov. Laura Kelly stood up a cybersecurity task force earlier this year, with an explicit focus on coordinating between state and local agencies.

The panel's initial recommendations for beefing up cyber protections are due next week and are expected to include more regular assessments of cybersecurity challenges at all levels of government, a state-level position to serve as a liaison between different public and private entities, and more investment in educating and recruiting IT staff.

Shark noted that even basic investments in scouting out potential vulnerabilities and training workers to guard against breaches could pay dividends.

"There are certainly protective measures that one can take, and I'm starting to see progress being made in that area," he said.

And an assist could come from Washington, D.C., as well. A sweeping package of infrastructure investment, currently being considered in Congress, includes $1 billion in cybersecurity investment for local governments nationally.

This is particularly impactful for rural America, as 20% of the funds would be required to be allocated for governments in those areas.

Many local governments are already looking at ways to combine forces and take advantage of economies of scale, giving them a better deal on negotiating with private vendors and giving them more manpower to deal with potential attacks.

Hall said limited resources mean governments have to focus on stretching their dollars as far as possible.

"It's something that I think everybody is aware of and is prepared for, or is, is preparing as best they can," he said. "But as with anything else, our preparedness is somewhat limited by resource availability. And we've got a lot of resources right now dedicated to a lot of different things."

Andrew Bahl is a senior statehouse reporter for the Topeka Capital-Journal. He can be reached at abahl@gannett.com or by phone at 443-979-6100.