“New password cannot be the same as old password.”
Maddening? Yes. Necessary? Absolutely.
If it’s connected to the internet, it’s susceptible to attack. Nothing is off limits — personal accounts, schools, hospitals, local government.
Lurie Children’s Hospital in Chicago discovered Jan. 31 a ransomware attack from which the hospital still hasn’t fully recovered.
The extortion-style attacks are used for financial gain by locking data, records or systems and then demanding money in exchange for restoring it.
The City of Bradford experienced such a cyberattack in 2019 when, even though no data was breached, nine out of 11 computers were rendered useless, requiring replacement.
Mayor Tom Riel said at the time, “Many government agencies have been victims of ransomware recently. Fortunately we were better prepared than many other municipalities have been as we were aware of the possible threat.”
He added city officials had “already taken additional steps to further prevent this from occurring again.”
Five years later, the threat looms even larger.
In late 2023, Iran-aligned hacktivists Cyber Av3ngers compromised operations at a Municipal Water Authority of Aliquippa water booster station.
In the wake of that incident, Steve Disney, executive director of the Bradford City Water and Bradford Sanitary authorities, was quick to confirm the equipment and systems compromised in Aliquippa are not those used in operations here.
“Both authorities take protecting our critical infrastructures very seriously and have made significant investments over the last several years on hardware and software upgrades as well as continuous firewall and security patches to combat potential threats and attacks,” Disney said.
Further, he explained the Bradford City Water Authority and Bradford Sanitary Authority enforce proper cybersecurity practices such as multi-factor authentication (MFA), network monitoring, requirements for password complexity, local and off-site backups and quarterly training for employees.
Riel said this week, “We took much stronger precautions after (the 2019 attack) to make sure that didn’t happen again.”
Interim City Administrator Eric Taylor said measures include higher-end firewall configurations and the MFA procedures Disney mentioned as well as ongoing cybersecurity training from the city’s IT contractor, Omnis Technologies.
These recent incidents have highlighted the vulnerability of Pennsylvania’s more than 2,500 local governments and municipal authorities, and led to the implementation of an online resource unveiled this week that aims to help those groups combat the constant cyber threat.
In 2023, 69% of state and local governments reported being hit by ransomware, according to a study cited at a January state hearing on the topic.
“Local governments and authorities hold personal information of citizens, oversee drinking water systems, provide emergency services and more. They must be aggressive in thwarting cyberattacks,” said Sen. Tracy Pennycuick, R-Red Hill, chair of the Senate Communications and Technology Committee, in a press release about the new site. “We heard from experts in the field and local government officials and want to make sure communities have access to information that can help them prevent attacks and withstand them if they happen.”
Sen. Rosemary M. Brown, R-Scotrun, chair of the Senate Local Government Committee, said, “By enhancing awareness and equipping local leaders with the tools and knowledge necessary to mitigate cyber risks, we can better protect communities and ensure the uninterrupted delivery of essential services. I encourage all local officials to utilize this invaluable resource and to prioritize cybersecurity as a fundamental aspect of their responsibilities. Together, we can strengthen our cyber defenses and safeguard the integrity and resilience of our local governments.”
The webpage covers topics including how local governments can access alerts from the federal Cybersecurity and Infrastructure Security Agency, conduct cybersecurity assessments, protect emergency communication systems and more.
The page also helps communities access updates from the Pennsylvania Emergency Management Agency (PEMA) regarding funding opportunities. PEMA administers the State and Local Cybersecurity Grant Program, which distributes federal funding to support cybersecurity efforts.
