Скачать книгу

and access to the state's network and applications to prevent potential damage. Disruption to the county's 911 center and resulting risk to public safety was a major concern. This incident illustrated the potential for cyber events to have significant impact on public safety operations – fire, emergency medical, law enforcement, emergency communications, and other public safety partners – which in turn would directly and negatively impact the health and safety of the communities they serve. Fortunately, while some enhanced functions, such as integrated mapping, were impacted, the county was still able to receive and dispatch calls.

      From 2018 through 2019, ransomware attacks continued to accelerate in number and sophistication across the United States, targeting hospitals, state and local governments, and schools, causing major operational disruptions and financial impact. New York was not exempt.

      On Saturday, March 30, 2019, the government cyber response team received a call from the City of Albany, which had experienced a major ransomware attack. Servers and workstations had been encrypted, resulting in significant operational impact across multiple systems and services. The attackers were demanding payment in Bitcoin to unlock systems. The City had engaged law enforcement, and FBI investigators were onsite. Within 30 minutes, the Cyber Command Center CIRT team members were onsite, helping City IT staff and the FBI with critical response actions and forensics.

      City officials coordinated response and communications as the investigation and recovery efforts unfolded. The complex interdependencies between systems, data, critical functions, and services that incidents reveal never fail to amaze. Fully understanding these connections and program touchpoints in advance is critical, including linkages to county and state agencies' systems, potential collateral impact on program services, and related third-party dependencies.

      New York's CIRT team responded to a call from the IT director of Lansing High School in Ithaca, reporting the presence of Ryuk ransomware on the school's IT infrastructure. The next call came from the school district in Watertown. They too had suffered a ransomware attack. A similar attack crippled the Syracuse city school district's computer system. Over the next days and weeks, calls were fielded from multiple school districts across New York State.

      The New York State Education Department notified all districts about the cyberattacks and coordinated the response to the incidents in affected educational agencies with the assistance of the State Office of Information Technology Services, CYCOM, and other state cybersecurity teams, including the State Intelligence Center, Division of Homeland and Emergency Security Services, and the Multi-State Information and Analysis Center (MS-ISAC). Briefings with the New York State Department of Education and 11 Regional Information Centers (RICs) ensured that everyone had current information and focused support. The attacks were investigated, and the affected agencies recovered and implemented processes to mitigate recurrence.

      On Christmas Day, 2020, the Albany (NY) International Airport was subject to a ransomware attack, and later paid a ransom to restore access to their data. The

Скачать книгу