by Casey Mann, Senior Correspondent

Chatham County government was victimized by a cyberattack on Wednesday, Oct. 28th. The attack affected access to its network, email and phones. A majority of county departments, including the county manager’s office, the health department, planning and development, the department of social services, were adversely affected.

Since the attack the county has worked to restore rudimentary services and communications for the various departments while at the same time the incident is being investigated by several branches of law enforcement.

How did this happen?

Chatham County is not commenting on the specifics of the attack or extent of the incident since it is still being investigated, but has employed a “containment strategy” to minimize the damage. 

The Chatham County Line contacted Carol Taylor, a security analyst who contributed to the Strategic Defense Information project, for analysis and insight. Taylor said security efficacy contains three basic elements — a formal type of separation, rules and procedures to keep that separation valid and random tests to make sure separation is complete and procedures are being followed.

“The requirements for securing are the same, in general, for anything we wish secured,” Taylor said. “That includes our home security, security of a baby in a car seat, and computer security systems. Think of the last thing you do at night before you go to bed – checking all the windows and doors. Think of what you do when you leave your home and lock the door – that check to make sure the door is locked. The check to make sure the baby’s car seat is securely in place. Those same general requirements also apply to computer systems.”

A lack of separation may demonstrate why some Chatham County departments were affected while others were not. For example, the Chatham County Sheriff’s Office runs off the same network as a majority of the county’s departments, which is why it lost service access. But the Chatham County School System works on a separate network, and thus it was unaffected.

Did the cyberattack affect the elections?

The Chatham County Board of Elections are on the same network as the majority of the county’s departments. As such, on October 28th, the Election offices lost its network and system access which created some challenges in uploading data to the State Board Elections. However, the county’s actual election equipment does not connect to County’s system. 

North Carolina’s election equipment statutes require a separation, as well as a way to randomly audit election equipment results, which is why the state requires paper ballots that can be audited. Taylor, who also wrote a doctoral thesis on securing computerized voting machines and systems, noted that separation as well as the procedures and tests which was ultimately why the election in Chatham County could continue without disruption.

Why did it happen?

Local governments being hit by cyberattacks is not a new phenomena. A rash of cyberattacks in 2017-2018 hit multiple agencies including Newark, NJ, Atlanta, San Diego and the Colorado Department of Public Transportation. Two Iranian nationals were indicted in 2018 for some of those attacks. 

In 2018, these types of attacks became even more localized with Jackson County, GA paying a $400,000 ransom to recover its data after an attack. More locally in 2019 Orange County, NC was hit by its third malware attack in five years. Then in early March of this year as the pandemic was taking off, both the City and County of Durham were hit with extremely disruptive malware attacks that locked up its IT systems including its register of deeds which effectively froze the local real estate market for a period of time. It is believed that the Durham attack was the same Russian ransomware utilized to put the City of New Orleans into state of emergency near the end of 2019.

Although Taylor is not privy to the details of Chatham County’s cyberattack, Taylor suggests a common thread.

“Generally, the cheapest requirement – rules and procedures – is the least required and/or followed in any computer system,” Taylor said. “Also, most computer systems rarely have the security and separation requirements checked with attempted break-ins. The result is what we have witnessed over the last few years from, generally, foreign countries or companies working for those countries and their successful break-ins to our systems. We must be more prepared for this intrusion, because the invaders are very capable and enjoy their positive results.”

County Manager Dan Lamontagne updated the Board of Commissioners at its November 16th meeting and stated that they were still waiting for licenses from Microsoft; staff had been working off of personal laptops; vendors were working with the County to rebuild their systems; the County was waiting for the forensic report from the National Guard, and that an after-action report to the Board of Commissioners would be made once the investigation was final. 

How to access Chatham County services

Chatham County has restored many of the phones in its system, but has limited voicemail capability. In addition, many of the departments have some email accessibility using a new email extension — chathameoc.com, but the county said it will also be changing over to a new .gov extension. Chatham County has asked the public to be patient as it works to rebuild systems and restore services. 

For more information as to how to access Chatham County staff and services, visit the county’s website at www.chathamnc.org/about-us/cyber-incident.