Serious cyber incidents struck state courts in Alaska, Georgia and Texas in recent years, with one leaving Alaska’s courts a month without Internet and four months without connection to the executive branch. During a National Center for State Courts (NCSC) eCourts conference in Las Vegas, court administrators explained what went wrong and the lessons they learned about recovery and prevention, reports Governing.
Texas was hit by a ransomware attack in May 2020 while IT staff were asleep. It affected servers at each of the state's two high courts and at its 14 intermediate appellate courts, said Casey Kennedy of Texas’ Office of Court Administration. Hackers likely used a phishing campaign to take over a regular user email account. “We could watch them jump from server to server until they found our domain controller … the machine that stores all your usernames and all your passwords,” Kennedy said. The perpetrators then switched to a more subtle attack that used the Notepad application.
Improving password policies became a priority for Alaska after its own incident in April. “Eighty-six percent of our passwords were hacked in less than four hours,” Alaska State Court Administrator Stacey Marz recalled. “We [had] a lot of repetitive passwords like ‘Alaska123.’” The court needed to cut Internet access to prevent the attack from progressing, yet its specialist was four time zones away. “You have to really think about the vendors you're working with,” Marz said. “We had outsourced our firewall roles, and that was a major problem for us.”
Alaska took its court system offline to ensure the perpetrators were removed from the network, then to rebuild systems, bolster security and restore material from backups. The courts had to proceed without Internet for about a month, which stopped everything from e-filing and online bail postings to Zoom hearings and digital payroll systems. Alaska courts trained staff to bring certain skills in-house and planned backup and alternative methods for Internet-based functions.
Georgia called a 2019 ransomware attack an opportunity to modernize. The court decided to bypass restoring legacy systems and instead rebuild in the cloud to bolster future resilience, said Jorge Basto of the Cherokee County Clerk of Courts. While law enforcement was focused on investigating the incident, court officials focused on getting back online. Today the question isn’t if or even when organizations will be hit by a cyber attack, but how bad the damage will be, which makes planning for resilience essential, Basto said.