Responding to Cyber Threats Across the State

Shannon Tufts teaches a full classroom of professions at the Knapp-Sanders building in 2019.

This story was featured in the Winter 2021 issue of Coates Connection, a publication of the School of Government.

Connectivity is more important than ever to North Carolina’s local governments. Departments ranging from social services to sanitation rely on technology to deliver essential services to constituents, and employees are gatekeepers for an ever-expanding cache of sensitive data.

This reliance on computer systems means local governments are a prime target for cyberattacks designed to lock swaths of officials out of their files and servers. The prevalence of these attacks is skyrocketing: in 2019, officials responded to 13 known attacks on public entities in North Carolina. So far in 2020, they have responded to 20 similar events and counting. COVID-19 has exacerbated these problems because many local governments have been forced to rapidly implement teleworking options for employees.

Because IT teams play such a critical role in the successful day-to-day operations of a local government, going offline necessitates an emergency response. Now, they count on support from individuals like UNC School of Government faculty member Shannon Tufts and organizations like the North Carolina Local Government Information Systems Association (NCLGISA).

In 2016, a group of NCLGISA members formed the organization’s IT Strike Team to help staff in the wake of natural disasters. Tufts joined the Strike Team in 2019, the same year it was tasked with responding to a new type of crisis: cyberattacks on local governments.

“Cyber security has been a big change in the evolution of the Strike Team,” said Randy Cress, NCLGISA member and assistant county manager and chief information officer for Rowan County. “A cyber event is much like a hurricane—it shuts down a local municipality or county.”

Most cyberattacks begin months in advance with the innocuous click of a computer mouse. After a single employee follows the link contained in a phishing email, it can take 90–180 days before governments realized they have been compromised. The earliest indicators of a problem frequently manifest outside of business hours.

“IT personnel will discover a message left by the threat actors that all their files are encrypted and inaccessible,” Tufts said. “Attackers demand payment in order to decrypt the files. At that point, these organizations are dead in the water—they can’t operate.”

In the past, these communities might have been forced to face these emergencies alone or perform triage as they operated at a lower capacity. Tufts, Cress, and other members of the IT Strike team are now providing a road map for recovery for these communities. They work in concert with groups including the N.C. Department of Information Technology’s Enterprise Security and Risk Management Office, the North Carolina National Guard’s cyber response team, and the FBI.

The IT Strike Team is particularly important because they bring a local government lens to the situation. NCLGISA members are familiar with the systems, procedures, and unique needs of these clients, allowing for a compassionate response that respects the impacted agency.

Tufts focuses on project management and prioritization when multiple agencies respond to a single ransomware event. The road to recovery can take months. “It’s a marathon, not a sprint,” Cress said, but it also serves as an opportunity to improve systems and prevent future attacks.

For Tufts, the work is deeply meaningful after years of investment in North Carolina alongside the School and NCLGISA. Her Center for Public Technology at the School was founded with support from NCLGISA on the request of local governments for IT assistance.

“It has probably been the most rewarding work I’ve ever done in my career,” Tufts said. “I’m an advocate for good government, but really I’m an advocate for good government IT. That means getting the name and faces of all IT professionals raised up to the level they deserve.”

The School of Government is grateful for the ongoing support of NCLGISA, which includes a $125,000 commitment made in 2019. Funds will be used in support of the Center for Public Technology, including scholarships and ongoing training efforts.