In July 2019, several school districts in Louisiana were brought to a stand still by cyberattacks on their legacy systems. The attacks came just weeks before the new school year and prompted Gov. John Bel Edwards to issue a cybersecurity emergency activation. By declaring a state of emergency, Edwards equipped the affected local governments to harness the expertise of cybersecurity professionals from the Louisiana National Guard, the Louisiana State Police, and the state’s Office of Technology Services to resolve the most recent attacks and prevent future attacks.
While the emergency declaration was the first in Louisiana history, these attacks are not the first made on local governments. That happened back in 2013 when the small town of Greenland, New Hampshire was the victim of a ransomware infection. Since 2013, the number of attacks on local governments have been on the rise. In 2018, there were 53 reported attacks on state and local governments, and in the first four months of 2019 alone, there were 21 attacks, according to a recent report by the security intelligence specialists at Recorded Future.
A wealth of personal information is stored in government systems, making these networks particularly tempting to criminals. Limited resources and obsolete software make them vulnerable to attacks. Many government offices rely on outdated legacy systems to carry out the order of the day, and it can be challenging for underfunded agencies to stay up to date with a technology refresh cycle that picks up more speed every year. As legacy systems gather technology debt, they become increasingly susceptible to cyberattacks.
Even when funding is available, the nature of government work makes legacy systems difficult to update. Many of these systems are mission critical. They function at full capacity around the clock, making it difficult to find an appropriate time to refresh software and run necessary security updates. The behemoth character of government systems, the sheer volume of data stored and processed, creates a challenge for agencies that want to evolve their technology to meet more modern requirements.
The situation is exacerbated when vendors are slow to release security patches, a delay compounded by the slow march of bureaucracy. The city of Atlanta, for example, was infected with the NSA-developed DoublePulsar backdoor malware a month after Microsoft released a critical security patch to protect systems from the exploit. However, even when governments install patches promptly, it’s no guarantee of security. In many cases, patches don’t help the situation because agencies are relying on legacy software that is no longer supported. These outdated networks can’t be brought up to date, and so agency data is left vulnerable to attack.
The threat of cyberattacks will continue to grow and evolve with time. Agencies that take a reactive approach will only be equipped to respond to known attacks. Custom software solutions empower government offices to build proactive systems, systems that are designed to be one step ahead of criminals. By understanding the unique architectural requirements of an agency, the interaction of necessary software elements, the collaborative efforts of multiple agencies, custom software is engineered to be seamless, sealing the breaches that cybercriminals use to their advantage.
At Antares, we’ve worked with multiple government agencies to develop custom software solutions that keep data secure while also streamlining operations. Contact us today to learn how we protect our clients from a technological state of emergency.