Last year, we brought you a chilling story about hackers, and just how often you and I are targeted every single day.
It’s only gotten worse.
In October of 2018, we told you the State of North Dakota was defending us against an average of 5.6 million cyber attacks per month. Back then, the most in any given month was 11 million.
In 2019, these attacks haven’t gone down, they haven’t even slowed down. In fact, in the last couple of months, the state has battled back an average of 15 million attempted hackers per month, tripling the concern from last year.
“You might say, ‘Well who really cares about North Dakota?’ It turns out, there’s a lot of things going on here, whether it’s energy, agriculture, the airforce bases that we have here. There’s a lot of reasons why North Dakota would be a strategic target,” North Dakota Governor Doug Burgum shared.
But there is good news according to the State’s Chief Information Officer, Shawn Riley.
“We have moved from a lagging state to absolutely, hands down, the nation’s leading government when it comes to defending our citizens,” Riley said.
The 2019 legislative session approved the hiring of 17 more employees for the North Dakota Information Technology Department, and more importantly, gave them authority over all aspects of state government, making our cybersecurity strategy uniform.
“We now have the executive branch, the judicial branch, the legislative branch, plus higher education, all K-12, all cities, all counties. So the seven-branch strategy, the whole of government approach, allows us to be able to help any of those organizations, support any of those organizations,” Riley explained.
He mapped out the state’s cybersecurity system for us. 99.99999 percent of attacks are thwarted off by a technology barrier, set in place by ITD.
“Think of a roadway, where you’re going to Bismarck and going to drive around Bismarck, where you’d have to go to one single checkpoint to get into the city to drive wherever you want to. We have that checkpoint,” Riley added.
18 ITD employees take care of that remaining .000001 percent, which is still significant when we’re talking about millions of attacks.
“We have other tools, so again, use that city analogy: you have police that drive around the community, who are there to help people, find those bad actors. We do the same thing, it’s just in a virtual world rather than in a physical world,” Riley said.
Last year, Governor Burgum told KX News one of his biggest cyber goals is to make the switch from a server-based platform and keep government and citizen data in a cloud/mobile platform.
“As we make that transition over time, we still got some risk with legacy systems,” added Governor Burgum.
North Dakota’s legacy systems consist of about 800 old servers.
“Our current drivers’ license system was put in, in 1984. That’s before smartphones, before Windows, before anyone knew what the internet was,” Riley shared.
Nowadays, they’re difficult to use and keep secure at the same time.
“We’ve got environments that don’t get patched anymore. There have been exploits for years and years, and there are no patches. There’s nothing you can do except for literally wall them all off, so they cannot talk to any other system. Well, that’s great from a cybersecurity standpoint, but it is really poor from an operations standpoint,” Riley explained.
The conversion process has begun, but it will take a long, unpredictable amount of time overall, and cost the state 100s of millions of dollars.
In the end, Riley says we shouldn’t underestimate the value of technology.
“You would need a bare minimum or 9,200 more FTEs in government to be able to do the same work we’re doing today without the technology we have. Yes, it costs a couple 100-million dollars to run technology here, but a couple 100-million dollars versus how many billions it would cost for another 9,000 FTEs. We’re definitely demonstrating the value,” he said.
Riley says as technology explodes, the cost of government will actually decrease immensely…but with a different sort of cost.
Every piece of technology is matched with someone who will try to break into it, and our cybersecurity strategy has to grow along with it.
We’re putting you first and wanted to find out what is the biggest type of cyber attack.
The answer: Ransomware, or software designed to deny access to a computer system or data until a ransom is paid.
Universities are a big target, for stealing research and selling information. Attackers looking to steal your personal information, have gotten stronger too through phishing emails.
“Anything they can get ahold of that actually identifies you, that makes it easier to be able to get financial accounts. Those types of attacks happen every single day, against us all day long. We defend against the vast majority, but there are new attacks that come out every single day,” Riley explained.
Riley says ITD tests state employees on a regular basis by sending them fake phishing emails, to make sure they know what not to open. He says four percent of them are still failing these tests.