Leading up to the Nov. 8 General Election, San Luis Obispo County officials met quietly with representatives from the FBI to identify possible cyber threats and beef up the county’s security against hackers who have breached the confidential data of state and local governments across the country.
On Election Day, the efforts paid off: County staff watched as foreign parties apparently associated with IP addresses from European and Central American countries attempted to break into its cyber infrastructure, said County Clerk Tommy Gong.
Though the county did not, and has not since, suffered any breach, it has stepped up coordination with the feds and a vast network of small governments to combat what will only be an increasing and ever-persistent threat.
“This, unfortunately, is the new norm,” Gong said.
On Oct. 26, three FBI agents met with several county departments and their staff, including representatives from the information technology department. Gong said that the FBI made recommendations regarding cybersecurity, including sharing information with other governments about cyber threats and general security through the Multi-State Information Sharing and Analysis Center, which has been designated by the Department of Homeland Security as a key resource for cyber threat prevention, protection, response and recovery.
Gong said that based on that collaboration, county IT staff configured the county’s various security devices to block traffic from IP addresses identified as sources of breaches in other states.
“By monitoring the county’s firewalls, intrusion prevention, and web application logs throughout Election Day,” Gong said, “the county was able to block intrusions from those identified IP addresses as well as new attackers in nearly real time.”
Though Gong and IT Director Daniel Milei say the hack attempts did spike on Nov. 8, they believe the timing of the meeting with the feds — two weeks before the election — was probably incidental, adding that the FBI is coordinating similar security efforts with county governments across the country.
Milei said that in reality, cyber threats have long been on the increase as more information goes digital.
“We need to take the term ‘attack’ and put it between quotes, maybe, because what we saw, we see every day, it’s called abnormal activity,” Milei said. “Usually, not just election time but at any other time, people (are) looking for financial data, health data, personal data that they can take from the county, from any agency, from a bank, or a corporation, bundle, and sell it.”
“It’s a commodity,” he added.
Milei said his department has identified what appear to be attempts to breach the county’s security barriers by IP addresses listed as from mostly European countries, including Austria, Germany, France and Ukraine, as well as Canada and some Central American countries. Officials can’t be certain, however, that those are the countries of origin.
Interestingly, Milei said, the county has not identified activity appearing to come from Russia or China.
He said that there’s also no way to determine the motive behind the attacks, or whether they were politically charged.
Laura Eimiller, spokeswoman for the FBI’s Southern California region, said she could not comment on the agency’s communication with the county. However, in an emailed statement, she said the FBI “routinely advises private industry of various cyber threat indicators observed during the course of our investigations.” She said that information is provided to help local systems administrators guard against the actions of “persistent cyber criminals.”
Going forward, county IT officials will continue to meet or otherwise coordinate with the FBI on a monthly basis, Milei said. They hired a cybersecurity analyst last year and have allocated in the recently adopted budget funds for a full-time cybersecurity officer, who will lead the department in monitoring threats as well as providing internal testing, education and training.
Officials stress that the county has not fallen victim to any attacks and that its beefed-up security is a matter of staying a step ahead of interests that will forever be looking for weaknesses to exploit.
“You learn yourself, you share with your peers, your peers learn and they share with you, and that’s how we all try to stay one little step ahead of the game — that’s all we need,” Milei said.