As state officials make routine preparations to protect against cyberattacks on Florida’s elections infrastructure, the National Governors Association has recommended a framework for how states can plan for attacks like Colorado’s “ransomware” attack last year.
Then-Colorado Gov. John Hickenlooper made the first state “cyber emergency” declaration last year after hackers mounted a ransomware attack against that state’s Department of Transportation. The hackers locked the government out of its Internet accounts and demanded ransom. The state never paid – it had prepared for such an attack by segmenting networks for various agencies and backing up data that allowed it to rebuild the state’s transportation system.
A report the National Governor’s Association issued this month dissects cyber planning by 15 states that have made their efforts public. Florida was not among them, but last month Gov. Ron DeSantis plowed about $5 million into election security – including federal dollars – and said that Secretary of State Laurel Lee had settled on a “comprehensive, multi-phase plan to review and fortify Florida’s election system.” The idea is to assess how secure the system is, identify vulnerabilities, and address any problems.
Spokeswomen for the governor and Department of State on acknowledged requests Monday from the Florida Phoenix for information about the status of that review but haven’t provided any information yet.
Last month, the City of Riviera Beach agreed to pay 65 bitcoin – nearly $600,000 – to hackers who corrupted its computer system by installing malware delivered through an email opened by a city employee. City government completely lost access to email and the ability to pay employees and vendors via direct deposit, and the emergency response dispatch system was rendered useless.
The national report provides a list of recommendations, including how states need to identify critical public and private infrastructure that might be vulnerable to attacks. The association also says states need a clear structure for planning and response to the attacks, including a hierarchy of which departments will lead.
“Like a Category 5 hurricane, states realize that they have a role in mitigating the impact of such a scenario and are solidifying their [roles and responsibilities] in cyber disruption response plans,” the report says.
U.S. Special Counsel Robert Mueller reported that hackers had penetrated the online elections infrastructure in one Florida county, although DeSantis later said that two counties were affected. He wouldn’t say which two. News organizations subsequently identified one of the victims as Washington County.