Travelling back from the National for Court Management annual conference, I am reflecting on a meeting of national court leaders from across the country that I attended. Of the dozen or so representatives at the table, five reported cyberattacks. For three of the jurisdictions, the attacks were debilitating.
Right now, as you are reading this sentence, it is likely—no, it is a virtual certainty—that a cyberattacker is looking for a way to infiltrate your networks and systems. Once inside, they will navigate undetected and often for months at a time, to identify unprotected or poorly protected data applications and files. When they gain control of your most valuable technology assets, they strike. Today, that attack almost always takes the form of a ransomware.
Ransomware enables cyberattackers to encrypt the targeted organization’s files. Only when the organization agrees to pay a ransom—hence the name—does the cyberattacker in theory decrypt the files. As you might expect, this is not always how the event plays out. A relatively new type of attack, known as a double-encryption ransomware attack, is on the rise. As the name implies, the targeted data is encrypted twice to force a second payment.
To make things worse, many times networks and systems are not infiltrated solely to extract a ransom. The cyberattacker also may seek to steal data that can be sold to others on the dark web. Both approaches tend to yield a big payday for the cyberattacker.
There was a time in the government sector, not that long ago, when only the largest government agencies or possibly our public safety partners were the primary or sole target of cyberattacks. But now the threat clearly has extended to courts and the balance of the justice community. For example, the state of Alaska court system suffered a critical cyberattack in May 2021 that reportedly affected nearly all of its information technology (IT) systems. This impacted the electronic filing system, court calendars, the system that enabled online payment of bail and court fees, and the system that enabled virtual hearings. In addition, external emails of court personnel also were impacted.
Well, it is not uncommon for it to take more than a week simply to identify the breach point. Law enforcement may wish to maintain the “crime scene” (i.e., your systems) intact and offline for weeks after to conduct their criminal investigation. Beyond that, rebuilding or replacing your applications can take months.
But the impact may not end there. It should be noted that court systems have in their possession a vast amount of personal and/or highly sensitive data. If a data breach occurs as a result of a cyberattack, the court system, as well as the governmental entity under which it operates, could find itself at risk of liability exposure and subsequent costly litigation—especially if no cybersecurity protections had been executed prior to the attack.
While a cyberattack seems inevitable and the consequences can be dire, there is much that courts and their justice partners can do to make such attacks less likely and less consequential. Over the next few weeks, a series of follow-up blogs will be posted to the MCP website that will present best practices, in a crawl-walk-run progression, designed to inform your agency’s cybersecurity effort. These are pragmatic and affordable steps you can take to protect your court or justice agency.
In the meantime, you are encouraged to view the monthly CyberChat videos on the MCP site that are presented by Mike Beagles, MCP’s platform and service product manager, who is a certified Cisco CyberOps associate with more than 13 years of IT and cybersecurity experience. Another good idea is to sign up to receive the cybersecurity threat notifications that we push out whenever a new threat is identified. Finally, our team of subject-matter experts stands ready to help you develop a multilayer approach to cybersecurity that is customized to your organization’s need, budget, and resources. We can help you make things much more challenging for cyberattackers to infiltrate your systems and compromise your operations—please reach out.
Joe Wheeler is vice president – justice and courts for Mission Critical Partners. He can be emailed at JoeWheeler@MissionCriticalPartners.com.