While there may have been a crack in Killeen’s firewall, other local governments say the mortar that holds their sites together is strong.
Killeen’s city website was hacked last week — the second time this year.
CivicPlus provides hosting for the cities of Temple and Belton websites. CivicPlus hosts and builds websites for more than 2,000 local governments around the nation.
CivicPlus “uses multiple firewalls to consolidate intrusion prevention, gateway anti-virus/anti-malware, content filtering, application blocking, and geo-blocking,” Temple spokeswoman Shannon Gowan said.
Belton spokesman Paul Romer is in charge of Belton’s website. Because Belton is so small, only a handful of people have administrative access to the site. Every person who has access to the site is given a complex password by Romer, he said.
Romer said that he is confident in the security CivicPlus provides for Belton’s site.
“We feel like our website is secure,” Romer said.
Like Belton, Temple recommends strong, complex passwords.
“The firewall has a lot to do with protection but we start by implementing strong passwords that can strengthen our security and limit login attempts,” Gowan said.
As for Bell County’s site, Adam Ward, technology services director, said that they use a company called Revize to host their site.
“Revize was the best bang for our buck,” Ward said, noting that the county kept taxpayers in mind when considering their website hosting options.
While Bell County has not been hacked, Ward says he is confident in the website’s security. However, he did warn that confidence does not guarantee security.
“We’re not the NSA or CIA and they still get hacked,” Ward said.
In late 2013, hackers penetrated the county phone system at least three times. Jim Chandler, who was the director of Bell County’s technology services department at the time, told the Commissioners Court that one attack exploited a previously unknown vulnerability to send a 12-second outgoing message. That attack came after hackers used the Bell County phone system from Nov. 30 to Dec. 2, 2013, to place a series of international calls that rang up more than $27,000 in fraudulent charges.
While local government officials were open to talking about how their websites are protected, Temple Independent School District officials were tight-lipped.
“For the protection of our website and our data, we don’t discuss security procedures with the public,” Matthew LeBlanc, district spokesman, said.
“Regarding what we would do in the event someone did hack our website,” LeBlanc said. “We have a policy in place that essentially requires us to notify those affected about the breach.”
Belton Independent School District uses a third-party vendor to provide hosting and content management system for their district’s website.
“As a result, many of the security measures are implemented by the vendor,” Belton ISD spokesman Kyle DeBeer said.
DeBeer said the vendor is in charge of protecting their website with data encryption, user authentication and application security.
He said the vendor ensures “peace of mind” regarding the security infrastructure, which provides firewall protection, intrusion detection, SSL encryption and proprietary security products.
“On the district’s side, we limit employees’ access to edit the website to their area(s) of responsibility,” he said. “So if an employee’s login credentials were compromised, the person using that login would be similarly limited.”
Additionally, DeBeer said the login credentials for the website are integrated with the district’s directory service.
“So when an employee leaves the district, his or her login can no longer be used to access the site,” he said.
In the event that someone made malicious changes to the site or deleted data, DeBeer said, the vendor would be able to restore our data.