Contact: State Rep. Jason Murphey
Office: (405) 557-7350
State Rep. Tom Gann
Office: (405) 557-7364
OKLAHOMA CITY – The Director of Oklahoma's Information Technology Cyber Command told an Oklahoma House of Representatives’ committee today that it is adapting to protect state information technology assets against a new wave of cyber-attacks and crime.
The Government Modernization Committee was told that in 2016 Cyber Command protected state government assets from 32,333 cases of unique malware, 762 instances of malicious activity, 392 occasions of unauthorized access and two denial-of-service attacks.
Cyber Security Director Mark Gower explained that Cyber Command has created a specific playbook for dealing with an increase in a new attack vector – newly-developed ransomware that locks up state computers and makes them inaccessible until ransom has been paid.
Gower explained that the state's ongoing information technology unification effort and its Security Operations Center is providing an increased visibility into these ransomware attacks, and they are using the Center to deter the attacks before they can occur. He said that not a single unified state agency has been forced to pay ransom to the attackers.
Gower assured committee members that it is the policy of the Security Operations Center to never pay ransom.
Committee members did discover that a non-unified state government entity appears to have been forced to pay the ransom. The non-unified entities do not benefit from the same protection levels as the entities, and the policies and protocols of the Security Operations Center do not apply to them.
"According to testimony to the committee, it appears as if one of the non-unified state government agencies may have laundered taxpayer money through Bitcoin in order to pay ransom to their attacks," said Committee Chairman Jason Murphey, R-Guthrie. "This isn't acceptable. It's imperative for the state to complete its IT unification and safeguard all state government data!"
"State agencies are the stewards of data that impacts every Oklahoman in one way or the other. It should be a comfort to them to know that our committee, the members of the House, and the state's Cyber Command are committed to ensuring the implementation of best practices against these new attacks," added Committee Vice Chair Tom Gann, R-Inola.
State IT officials have assured committee members that they intend to complete the IT unification by the end of the fiscal year and extend the security protect to the non-protected state agencies.